PT-2025-32149 · Unknown · Cl4/6Nx-J Plus+1

Masahiro Iida

Published

2025-08-04

Updated

2025-08-07

CVE-2025-22470

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CL4/6NX Plus versions prior to 1.15.5-r1 CL4/6NX-J Plus (Japan model) versions prior to 1.15.5-r1

Description The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to upload crafted dangerous files. Successful exploitation allows execution of Lua scripts with root privileges on the system.

Recommendations Update CL4/6NX Plus to firmware version 1.15.5-r1 or later. Update CL4/6NX-J Plus (Japan model) to firmware version 1.15.5-r1 or later.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2025-09584

CVE-2025-22470

Affected Products

Cl4/6Nx Plus

Cl4/6Nx-J Plus

PT-2025-32149 · Unknown · Cl4/6Nx-J Plus+1

CVE-2025-22470

Weakness Enumeration

Related Identifiers

Affected Products

References · 10