AI description
CVE-2025-54322 affects Xspeeder SXZOS through 2025-12-26. It allows root remote code execution via base64-encoded Python code. The vulnerability is in the `chkid` parameter to `vLogin.py`; the `title` and `oIP` parameters are also used. Recommended remediation: validate and restrict input to the `chkid` parameter, sanitize all user-supplied data, disable or restrict access to `vLogin.py`, and update Xspeeder SXZOS to the latest version.
- Description: Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- cve@mitre.org: CWE-95
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 11
CVE-2025-54322: The First Zero-Day Found by AI That the Human Manufacturers Couldn't See for 7 Months Read the full report on - https://t.co/MPUpaUE8L1 https://t.co/hLip2YaAcD
@Iambivash007
29 Dec 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE-2025-54322 vulnerability in XSpeeder (SXZOS) devices enables unauthenticated remote command execution, putting more than 70,000 hosts at risk. Xspeeder is a Chinese company specializing in advanced networking devices
@fad_777
29 Dec 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
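A CVSS score 10 vulnerability in devices from Chinese network equipment maker Xspeeder. CVE-2025-54322. Discovered by pwn.ai's AI agent; the company: the first ever discovered by an AI agent, remotely exploitable, with PoC (proof-of-concept attack code)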
@__kokumoto
29 Dec 2025
835 Impressions
5 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-54322 in Xspeeder SXZOS enables remote code execution via the chkid parameter in https://t.co/rESGYMf1lN. A critical vulnerability for all users of the platform. Protect yourself by updating now! #säkerhet #cybersäkerhet #CVE
@Sakerhetsblogg
27 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - Sachinart/CVE-2025-54322: CVE-2025-54322 - XSpeeder SXZOS Pre-Auth RCE 0day Finder Quick https://t.co/QLRFDd0Uob
@akaclandestine
27 Dec 2025
3112 Impressions
5 Retweets
30 Likes
19 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 (ZERODAY) - Unauthenticated Root RCE affecting ~70,000+ Hosts | https://t.co/L3Ut2DS5q5 Security Research https://t.co/YO5A5zTYDJ
@akaclandestine
27 Dec 2025
2238 Impressions
3 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/v9YXzNh19c. The title and oIP parameters a… https://t.co/A3vToUmEPl
@CVEnew
27 Dec 2025
214 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-54322 - Critical Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/nXK9oDCVwD. The title and oIP parameters are also used. https://t.co/PURfSAYV4X https://t.co/a82POMWevb
@TheHackerWire
27 Dec 2025
124 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54322: CRITICAL] Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/Gcb2uae4Ap. The title and oIP parameters are also used.#cve,CVE-2025-54322,#cybersecurity https://t.co/zsTRy8xISr h
@CveFindCom
27 Dec 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Decoding #CVE-2025-54322: A Deep Dive into the XSpeeder SXZOS Pre-Auth RCE 0‑Day + Video https://t.co/20bNgF5rDi Educational Purposes!
@UndercodeUpdate
27 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes