Vulnerability Details CVE-2025-2605
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 9.9
Products affected by CVE-2025-2605
-
cpe:2.3:h:honeywell:mb-secure:-
-
cpe:2.3:h:honeywell:mb-secure_pro:-
-
cpe:2.3:o:honeywell:mb-secure_firmware:*
-
cpe:2.3:o:honeywell:mb-secure_pro_firmware:*