← back
CVE-2025-15389

QNO Technology|VPN Firewall - OS Command Injection

CVSS 8.7 HIGHEPSS 1.1%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
31 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
QNO Technology · VPN Firewall

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-10614-dee41-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10613-e1780-1.html