CVE-2025-23239

Name of the Vulnerable Software and Affected Versions: iControl versions prior to the fixed version

Description: A remote command injection vulnerability exists in an undisclosed iControl REST endpoint when running in Appliance mode. This issue allows an authenticated attacker to cross a security boundary. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to the undisclosed iControl REST endpoint until a patch is available. Avoid using the vulnerable iControl REST endpoint in Appliance mode until the issue is resolved.