ByteOS Network

NVD Vulnerability Details :

CVE-2025-59818

Analyzed

Source-cert@ncsc.nl

Published At-04 Feb, 2026 | 11:16

Updated At-11 Feb, 2026 | 20:20

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Secondary	3.1	10.0	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 10.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

zenitel>>tcis-3_firmware>>Versions before 9.2.3.3(exclusive)

CWE ID	Type	Source
CWE-77	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-77

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Hyperlink	Source	Resource
https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes	cert@ncsc.nl	Release Notes
https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Release_Notes	cert@ncsc.nl	Release Notes
https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release_Notes	cert@ncsc.nl	Release Notes
https://wiki.zenitel.com/wiki/VSF-Fortitude8_9.3_Release_Notes	cert@ncsc.nl	Release Notes
https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Release_notes	cert@ncsc.nl	Release Notes
https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenitel%20Security%20Advisory.pdf	cert@ncsc.nl	Vendor Advisory