PT-2026-22262 · Xweb Pro · Xweb Pro

Amir Zaltzman

Published

2026-02-27

Updated

2026-03-09

CVE-2026-25195

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier

Description An operating system command injection issue exists in XWEB Pro. A successful exploit allows an authenticated attacker to execute code remotely on the system by providing a manipulated firmware update file through the firmware update path. The vulnerable component is the firmware update route. The vulnerable parameter is the firmware update file.

Recommendations Versions prior to 1.12.1 should be updated.

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-25195

Affected Products

Xweb Pro

PT-2026-22262 · Xweb Pro · Xweb Pro

CVE-2026-25195

Weakness Enumeration

Related Identifiers

Affected Products

References · 11