CVE-2025-55423

Name: CVE-2025-55423
Creator: NVD / NIST
Published: 2026-01-20T18:16:04.81+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 3.33%

Last modified Jun 17, 2026

CVE-2025-55423 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.. EPSS estimates a 3.33% chance of exploitation in the next 30 days.

Description

A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passed to system() without proper validation or sanitization, allowing OS command injection.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.33%

87.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-94

Affected Software

Vendor	Product	Versions
Iptime	N104s-R1 Firmware	>= 9.90.8, <= 10.02.2
Iptime	N104v Firmware	>= 9.90.8, <= 10.06.8
Iptime	N1e Firmware	>= 9.90.8, <= 10.06.8
Iptime	N1plus Firmware	>= 9.90.8, <= 10.06.8
Iptime	N1plus-I Firmware	>= 9.99.6, <= 10.06.8
Iptime	N1v Firmware	>= 11.01.2, <= 12.07.6
Iptime	N2e Firmware	>= 9.90.8, <= 10.06.8
Iptime	N2eplus Firmware	>= 9.90.8, <= 10.06.8
Iptime	N2plus Firmware	>= 9.90.8, <= 10.06.8
Iptime	N2plus-I Firmware	>= 9.99.6, <= 10.06.8
Iptime	N2v Firmware	>= 10.09.2, <= 12.16.8
Iptime	N2vs Firmware	12.16.8
Iptime	N3 Firmware	>= 9.93.2, <= 10.06.8
Iptime	N3-I Firmware	>= 9.99.6, <= 10.06.8
Iptime	N5 Firmware	>= 9.90.8, <= 10.06.8
Iptime	N5-I Firmware	>= 9.99.6, <= 10.06.8
Iptime	N6 Firmware	>= 9.96.8, <= 10.06.8
Iptime	N600 Firmware	>= 10.00.8, <= 12.16.2
Iptime	N6004r Firmware	>= 9.90.8, <= 10.02.2
Iptime	N602e Firmware	>= 11.96.6, <= 12.16.8
Iptime	N602eplus Firmware	>= 12.14.2, <= 12.16.2
Iptime	N602se Firmware	>= 14.19.0, <= 14.19.4
Iptime	N604 Black Firmware	>= 9.93.8, <= 12.16.2
Iptime	N604a Firmware	>= 9.90.8, <= 10.06.8
Iptime	N604e Firmware	>= 10.09.2, <= 14.19.4
Iptime	N604eplus Firmware	>= 12.14.2, <= 14.19.4
Iptime	N604plus Firmware	>= 9.90.8, <= 12.15.2
Iptime	N604plus-I Firmware	>= 9.99.6, <= 12.14.6
Iptime	N604r Firmware	>= 9.90.8, <= 10.06.8
Iptime	N604rplus Firmware	>= 9.90.8, <= 10.06.8
Iptime	N604rplus-I Firmware	>= 9.99.6, <= 10.06.8
Iptime	N604s Firmware	>= 9.90.8, <= 10.06.8
Iptime	N604se Firmware	>= 14.18.4, <= 14.19.4
Iptime	N604t Firmware	>= 9.90.8, <= 10.03.2
Iptime	N604tplus Firmware	>= 9.90.8, <= 10.03.2
Iptime	N604v Firmware	>= 9.90.8, <= 10.06.8
Iptime	N604vplus Firmware	>= 9.90.8, <= 10.06.8
Iptime	N7004ns Firmware	9.91.2
Iptime	N702bcm Firmware	>= 9.90.8, <= 12.16.2
Iptime	N702e Firmware	>= 10.09.2, <= 12.16.2
Iptime	Ax11000 Firmware	>= 14.16.6, <= 14.19.4
Iptime	Ax2002mesh Firmware	>= 14.16.6, <= 14.19.4
Iptime	Ax2004 Firmware	>= 14.17.4, <= 14.19.4
Iptime	Ax2004bcm Firmware	>= 12.04.2, <= 14.19.4
Iptime	Ax2004m Firmware	>= 14.02.0, <= 14.19.4
Iptime	Ax3004bcm Firmware	>= 14.16.2, <= 14.19.4
Iptime	Ax3004itl Firmware	>= 12.01.2, <= 14.19.4
Iptime	Ax8004bcm Firmware	>= 11.97.2, <= 14.19.4
Iptime	Ax8004m Firmware	>= 14.05.2, <= 14.19.4
Iptime	Ax8008m Firmware	>= 14.15.4, <= 14.19.4

Showing 50 of 164 affected configurations. See NVD for the full list.

References

https://docs.google.com/spreadsheets/d/1kryOFltCmnPJvDTpIrudgryt79uI4PWchuQ8-Gak24c/edit?usp=sharingThird Party Advisory
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/README.mdExploit, Third Party Advisory
https://github.com/0x0xxxx/CVE/blob/main/CVE-2025-55423/assets/affected_products_cve_format.jsonThird Party Advisory
https://iptime.com/iptime/?pageid=4&page_id=126&dfsid=3&dftid=583&uid=25203&mod=documentVendor Advisory

Timeline

Published: Jan 20, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-55423?

How severe is CVE-2025-55423?

CVE-2025-55423 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 3.33% probability of exploitation in the next 30 days.

How do I fix CVE-2025-55423?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-55423?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST