CVE-2025-57431

Name of the Vulnerable Software and Affected Versions Sound4 PULSE-ECO AES67 version 1.22

Description The web-based management interface is susceptible to Remote Code Execution (RCE) through a malicious firmware update package. The system does not properly validate the integrity of the manual.sh script during the update process. This allows an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.