CVE-2025-40948

Name of the Vulnerable Software and Affected Versions RUGGEDCOM ROX MX5000 versions prior to V2.17.1 RUGGEDCOM ROX MX5000RE versions prior to V2.17.1 RUGGEDCOM ROX RX1400 versions prior to V2.17.1 RUGGEDCOM ROX RX1500 versions prior to V2.17.1 RUGGEDCOM ROX RX1501 versions prior to V2.17.1 RUGGEDCOM ROX RX1510 versions prior to V2.17.1 RUGGEDCOM ROX RX1511 versions prior to V2.17.1 RUGGEDCOM ROX RX1512 versions prior to V2.17.1 RUGGEDCOM ROX RX1524 versions prior to V2.17.1 RUGGEDCOM ROX RX1536 versions prior to V2.17.1 RUGGEDCOM ROX RX5000 versions prior to V2.17.1

Description Improper input validation in the web server's JSON-RPC interface allows an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges.

Recommendations Update to version V2.17.1 or later.