← back
CVE-2025-54084

Calix Gigacenter ONT - Command Injection

CVSS 8.5 HIGHEPSS 0.8%CWE-78
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.5EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially leading to full system compromise.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Calix · GigaCenter ONT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://fluidattacks.com/advisories/bacalaohttps://revers3everything.com/calix-case-five-0-days-five-cves/https://www.calix.com