PT-2025-45399 · Unknown +1 · Clusterpro X For Linux +5

Published: 2025-11-07 · Updated: 2025-11-07 · CVE-2025-11546

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

CLUSTERPRO X for Linux versions 4.0 through 5.2
EXPRESSCLUSTER X for Linux versions 4.0 through 5.2
CLUSTERPRO X SingleServerSafe for Linux versions 4.0 through 5.2
EXPRESSCLUSTER X SingleServerSafe for Linux versions 4.0 through 5.2
NEC Corporation UNIVERGE IX versions 9.5 through 10.7
NEC Corporation UNIVERGE IX versions 10.8.21 through 10.8.36
NEC Corporation UNIVERGE IX versions 10.9.11 through 10.9.24
NEC Corporation UNIVERGE IX versions 10.10.21 through 10.10.31
NEC Corporation UNIVERGE IX version 10.11.6
NEC Corporation UNIVERGE IX-R/IX-V versions 1.3.16 and 1.3.21

Description

The software is susceptible to a condition where an attacker can send specially crafted network packets to the product, potentially leading to the execution of arbitrary operating system commands without authentication. The issue is a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE).

Recommendations

CLUSTERPRO X for Linux versions 4.0 through 5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
EXPRESSCLUSTER X for Linux versions 4.0 through 5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CLUSTERPRO X SingleServerSafe for Linux versions 4.0 through 5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
EXPRESSCLUSTER X SingleServerSafe for Linux versions 4.0 through 5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX versions 9.5 through 10.7: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX versions 10.8.21 through 10.8.36: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX versions 10.9.11 through 10.9.24: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX versions 10.10.21 through 10.10.31: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX version 10.11.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NEC Corporation UNIVERGE IX-R/IX-V versions 1.3.16 and 1.3.21: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-11546

Affected Products

Clusterpro X Singleserversafe For Linux
Clusterpro X For Linux
Expresscluster X Singleserversafe For Linux
Expresscluster X For Linux
Nec Corporation Univerge Ix
Nec Corporation Univerge Ix-R/Ix-V