CVE-2025-48415

Published May 21, 2025

Last updated 2 months ago

CVSS medium 6.2

Overview

Description
A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor  or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.
Source
551230f0-3615-47bd-b7cc-93e92e730bbf
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.2
Impact score
3.6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

551230f0-3615-47bd-b7cc-93e92e730bbf
CWE-749

Social media

Hype score
Not currently trending

  1. CVE-2025-48415 USB Backdoor Vulnerability Enabling Arbitrary Command Execution via Craf... https://t.co/EtrwUXHg9J Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    21 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.