CVE-2025-22962

by Fred · 13/02/2025

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sess_id) can send specially crafted POST requests to the /json endpoint, enabling arbitrary command execution on the underlying system. This vulnerability can lead to full system compromise, including unauthorized access, privilege escalation, and potentially full device takeover.

More information : https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-22962

CVE-2025-22962

Similar

Recent Posts

Categories

CVE-2025-22962

Share this:

Similar

Recent Posts

Categories

Tags