CVE-2025-46418

Westermo Network Technologies has reported a critical vulnerability in its WeOS 5 operating system, used primarily in industrial settings. The vulnerability, identified as CVE-2025-46418, is a result of improper neutralization of special elements utilized in operating system commands, commonly referred to as OS command injection. This issue allows an attacker, provided they have administrative permissions, to execute commands outside of their typical access rights, thereby posing a significant risk to system integrity and security.

This OS command injection vulnerability affects all versions of WeOS 5 starting from version 5.24, with a calculated CVSS v4 score of 8.7, indicating the severity of potential exploits. Organizations utilizing this operating system in critical infrastructure sectors—including commercial facilities, manufacturing, and energy—are urged to implement immediate defensive measures. Recommended actions from Westermo and CISA include restricting administrative access to trusted users and employing secure remote access methods such as VPNs, while also ensuring systems are not directly accessible from the internet.

Although no known public exploitation targeting this vulnerability has been reported thus far, the complexity of successful attacks remains high, emphasizing the need for proactive cybersecurity practices. CISA encourages users to adhere to best practices for managing administrative accounts and securing their networks against potential intrusions.

What steps are you taking to secure your systems against similar vulnerabilities?

Learn More: CISA

👉 Subscribe to /r/PwnHub