CVE-2025-25504

Name of the Vulnerable Software and Affected Versions Gefen WebFWC (In AV over IP products) versions 1.70, 1.85h, 1.86v

Description An issue in the /usr/local/bin/jncs.sh script allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.

Recommendations For version 1.70, update to a fixed version if available. For version 1.85h, update to a fixed version if available. For version 1.86v, update to a fixed version if available. As a temporary workaround, consider restricting access to the /usr/local/bin/jncs.sh script to minimize the risk of exploitation. Restrict access to TCP port 4444 to prevent unauthorized connections.