CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.3%

CVSS Severity

CVSS v3 Score 6.5

References

http://gefen.com
https://www.troy-wilson.com/cve-2025-25504.html

Products affected by CVE-2025-25504

Niceforyou » Gefen Webfwc » Version: 1.70v

cpe:2.3:a:niceforyou:gefen_webfwc:1.70v
Niceforyou » Gefen Webfwc » Version: 1.85h

cpe:2.3:a:niceforyou:gefen_webfwc:1.85h
Niceforyou » Gefen Webfwc » Version: 1.86v

cpe:2.3:a:niceforyou:gefen_webfwc:1.86v
Niceforyou » Gefen Gf-Avip-Mc Firmware » Version: a5.22

cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.22
Niceforyou » Gefen Gf-Avip-Mc Firmware » Version: a5.310

cpe:2.3:o:niceforyou:gefen_gf-avip-mc_firmware:a5.310

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-25504

Products

Pricing

Contact Us