CVE-2025-57431
Last modified
CVE-2025-57431 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sound4 | Pulse-Eco Aes67 Firmware | 1.22 |
References
- https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-57431Exploit, Third Party Advisory
- https://www.sound4.comProduct
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-57431?
How severe is CVE-2025-57431?
How do I fix CVE-2025-57431?
Are you affected by CVE-2025-57431?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST