CVE-2025-3459

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28

Description The Quantenna Wi-Fi chipset ships with a local control script, transmit file, that is vulnerable to command injection. This issue is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command (Argument Injection)". The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions prior to 8.0.0.28, consider disabling the transmit file script until a patch is available. Implement the best practices guide provided by the vendor to minimize the risk of exploitation.