CVE-2025-31713
In short
A hidden service in engineer mode allows attackers to inject malicious commands through improperly validated input, giving them higher privileges on the system without needing special access first.
Technical detail
The engineer mode service fails to properly sanitize user-supplied input, enabling OS command injection that bypasses privilege boundaries. An unauthenticated or low-privileged local attacker can execute arbitrary commands with elevated privileges, achieving local privilege escalation without requiring pre-existing elevated permissions.
Summary generated and translated by AI from the official description.
In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unisoc (Shanghai) Technologies Co., Ltd. · SL8521E/SL8521ET/SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152