CVE-2025-43979

Published August 5th, 2025

View on NVD ↗

CVSS v3

7.4

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.

actuator/cve

Cyber Security Research, Advisories & Public CVE Archive

GitHub