Vulnerability Details CVE-2026-25037
An OS command injection
vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an
authenticated attacker to achieve remote code execution on the system by
configuring a maliciously crafted LCD state which is later processed
during system setup, enabling remote code execution.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 8.0