CVE-2025-63220

Name of the Vulnerable Software and Affected Versions Sound4 FIRST (affected versions not specified)

Description The Sound4 FIRST web-based management interface is susceptible to Remote Code Execution (RCE) through a maliciously crafted firmware update package. The system’s update process does not properly validate the integrity of the manual.sh script. An attacker can exploit this by modifying the script to include arbitrary commands and then repackaging the firmware to deliver the malicious payload. This allows for the execution of unauthorized code on the affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.