CVE-2025-7578 – Teledyne FLIR FB-Series and FH-Series Command Injection Vulnerability

The following table lists the changes that have been made to the
CVE-2025-7578 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Jul. 14, 2025

    | Action | Type | Old Value | New Value |
    |--------|------|-----------|-----------|
    | Added | Description | | A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The researcher highlights that “[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a ‘time bomb’ waiting to be activated”. The vendor was contacted early about this disclosure but did not respond in any way. |
    | Added | CVSS V4.0 | | AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
    | Added | CVSS V3.1 | | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
    | Added | CVSS V2 | | (AV:N/AC:H/Au:S/C:P/I:P/A:P) |
    | Added | CWE | | CWE-77 |
    | Added | CWE | | CWE-74 |
    | Added | Reference | | https://github.com/waiwai24/0101/blob/main/CVEs/FLIR/Command_Injection_Vulnerability_in_Developer_Backdoor_Page.md |
    | Added | Reference | | https://vuldb.com/?ctiid.316276 |
    | Added | Reference | | https://vuldb.com/?id.316276 |
    | Added | Reference | | https://vuldb.com/?submit.609551 |