AI description
CVE-2025-54322 affects Xspeeder SXZOS through 2025-12-26. It allows root remote code execution via base64-encoded Python code in the `chkid` parameter to `vLogin.py`; the `title` and `oIP` parameters are also used. Recommended remediation is to validate and restrict input to the `chkid` parameter, sanitize all user-supplied data, disable or restrict access to `vLogin.py`, and update Xspeeder SXZOS to the latest version.
- Description: Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.
- Source: cve@mitre.org
- NVD status: Analyzed
- Products: sxzos
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
#VulnerabilityReport #AIAgents CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear https://t.co/lXVXGtXOJB
@Komodosec
2 Feb 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Critical CVE: CVE-2025-54322 📊 Score: 10.0 📝 Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chki... 🔗 Read Details: https://t.co/tHHDV9rIfW #CVE #CyberSecurity #WatchStack
@watchstackio
10 Jan 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Why CVE-2025-54322 is a Critical Threat to International High-Speed Rail Read the full report on - https://t.co/vEshPZaD33 https://t.co/M59meyNhBA
@cyberbivash
2 Jan 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 (CVSS:10.0, CRITICAL) is Undergoing Analysis. Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid paramete..https://t.co/PGVEoSZVCf #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
1 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical 0-day RCE (CVE-2025-54322) in XSpeeder SXZOS firmware: Unauthenticated root access affecting 70,000+ exposed SD-WAN appliances, edge routers & smart TV controllers worldwide. No patch yet—vendor unresponsive after 7 months. #RCE https://t.co/okEYlU8DK7
@The_Hunt_x
1 Jan 2026
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
How CVE-2025-54322 is Turning 70,000+ Corporate Gateways into Hacker Backdoors Read the full report on - https://t.co/yxv2kmXmcj https://t.co/A8OCJzmQ9O
@cyberbivash
31 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
An RCE-type vulnerability with the identifier CVE-2025-54322 has been published for XSpeeder SXZOS network equipment, which gives hackers the ability to execute code remotely and with root access without the verification of
@EthicalSafe
30 Dec 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🤖💀 BREAKING: An AI just hacked 70,000+ routers before humans even knew there was a problem. The XSpeeder 0-day (CVE-2025-54322) gives attackers unauthenticated ROOT access with a single HTTP request. https://t.co/RJtB5cEV8j #Cybersecurity #ZeroDay #AI https://t.co/f0owvN
@nxtgen579255
30 Dec 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 (CVSS 10): AI Agents Uncover Critical Zero-Day in Global Networking Gear https://t.co/DtrHt5mDS7
@Karma_X_Inc
29 Dec 2025
262 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical XSpeeder 0-Day (CVE-2025-54322) Exposes 70K Edge Devices as Vendor Stays Silent Researchers disclosed an unauthenticated 0-day in XSpeeder SXZOS where injecting payloads into the `chkid` parameter of `https://t.co/40NbYNokIP` can yield remote command execution with
@ThreatSynop
29 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical 0-day RCE flaw CVE-2025-54322 in widely used networking devices exposes over 70,000 hosts, enabling full unauthenticated takeover. Orgs should assess exposure. #RCE https://t.co/qDX7IIaoP1
@threatcluster
29 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 - Xspeeder SXZOS through 2025-12-26 Remote Code Execution Seventy thousand devices exposed, No authentication required, it's supposed. Remote code runs free, No patch, no decree, The vendor's support line is closed. O XSpeeder, what hast thou done? Thy networks h
@gothburz
29 Dec 2025
5072 Impressions
5 Retweets
57 Likes
3 Bookmarks
4 Replies
0 Quotes
AI Uncovers Critical Flaw Exposing 70,000 XSpeeder Devices Researchers disclose CVE-2025-54322, a critical unpatched vulnerability in XSpeeder networking equipment identified by AI agents. Approximately 70,000 industrial and branch devices are vulnerable, posing significant http
@Secwiserapp
29 Dec 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322: The First Zero-Day Found by AI That the Human Manufacturers Couldn't See for 7 Months Read the full report on - https://t.co/MPUpaUE8L1 https://t.co/hLip2YaAcD
@cyberbivash
29 Dec 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The CVE-2025-54322 vulnerability in XSpeeder (SXZOS) devices enables remote command execution without authentication, putting more than 70,000 hosts at risk. Xspeeder is a Chinese company specializing in advanced networking equipment
@fad_777
29 Dec 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
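A vulnerability with a CVSS score of 10 in devices from Xspeeder, a Chinese network equipment manufacturer. CVE-2025-54322. It was discovered by pwn.ai's AI agents, and for the company, the first ever discovered by an AI agent, remotely exploitable, with a PoC (proof-of-concept attack code)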
@__kokumoto
29 Dec 2025
1969 Impressions
9 Retweets
15 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-54322 in Xspeeder SXZOS enables remote code execution via the chkid parameter in https://t.co/rESGYMf1lN. A critical vulnerability for all users of the platform. Protect yourself by updating now! #säkerhet #cybersäkerhet #CVE
@Sakerhetsblogg
27 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - Sachinart/CVE-2025-54322: CVE-2025-54322 - XSpeeder SXZOS Pre-Auth RCE 0day Finder Quick https://t.co/QLRFDd0Uob
@akaclandestine
27 Dec 2025
3112 Impressions
5 Retweets
30 Likes
19 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 (ZERODAY) - Unauthenticated Root RCE affecting ~70,000+ Hosts | https://t.co/L3Ut2DS5q5 Security Research https://t.co/YO5A5zTYDJ
@akaclandestine
27 Dec 2025
2238 Impressions
3 Retweets
18 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-54322 Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/v9YXzNh19c. The title and oIP parameters a… https://t.co/A3vToUmEPl
@CVEnew
27 Dec 2025
214 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-54322 - Critical Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/nXK9oDCVwD. The title and oIP parameters are also used. https://t.co/PURfSAYV4X https://t.co/a82POMWevb
@TheHackerWire
27 Dec 2025
124 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-54322: CRITICAL] Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to https://t.co/Gcb2uae4Ap. The title and oIP parameters are also used.#cve,CVE-2025-54322,#cybersecurity https://t.co/zsTRy8xISr h
@CveFindCom
27 Dec 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Decoding #CVE-2025-54322: A Deep Dive into the XSpeeder SXZOS Pre-Auth RCE 0‑Day + Video https://t.co/20bNgF5rDi Educational Purposes!
@UndercodeUpdate
27 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xspeeder:sxzos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FD15BE-17CE-4BC3-9CB9-16C8C8064907",
            "versionEndIncluding": "2025-12-26"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]