LeakyCreds

CVE-2025-14558 - Vulnerability Analysis

High | CVSS: 7.2

Last Updated: March 9, 2026

rtsol & rtsold - Command Injection

Published: March 9, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable

Overview

rtsol(8) and rtsold(8) do not validate the domain search list option in router advertisement messages and pass the unquoted input to the resolvconf(8) shell script. This lets remote attackers execute arbitrary shell commands. Exploitation requires crafted router advertisement messages.

Severity & Score

Severity: High
CVSS Score: 7.2
EPSS Score: 5359.9% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary shell commands remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version with input validation and proper quoting in resolvconf(8).
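
An added illustration of the input-validation half of this mitigation (not the vendor's fix and not code from this page): an allow-list check that a domain search list entry is a plain hostname before it reaches any shell script. The function name `dnssl_name_is_safe` and the strict letters-digits-hyphen policy are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN  253  /* longest DNS name in text form */
#define MAX_LABEL_LEN 63   /* longest single label */

/* Hypothetical helper: returns 1 only for dot-separated labels made of ASCII
 * letters, digits and inner hyphens. Everything else is rejected, which
 * covers every shell metacharacter without having to enumerate them.
 * Assumption: underscores are not needed in search domains. */
int dnssl_name_is_safe(const char *name)
{
    size_t len, i, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')  /* tolerate one trailing root dot */
        len--;
    if (len == 0 || len > MAX_NAME_LEN)
        return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {                   /* label boundary */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;                 /* empty label or trailing hyphen */
            label_len = 0;
            continue;
        }
        if (c >= 0x80 || (!isalnum(c) && c != '-'))
            return 0;                     /* outside the allow-list */
        if (c == '-' && label_len == 0)
            return 0;                     /* leading hyphen */
        if (++label_len > MAX_LABEL_LEN)
            return 0;
    }
    return label_len > 0 && name[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample values, not taken from a real advertisement. */
    const char *samples[] = { "corp.example.com", "example.com;x", "a..b" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-18s %s\n", samples[i], dnssl_name_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation of this kind complements quoting in the consuming script rather than replacing it: a rejected entry should be dropped and logged, never sanitized and passed on.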

Social Media Activity (1 post)

ZEN SecDB
@secdb
Apr 1, 2026

📈 CVE Published in last 30 days (2026-03-02 - 2026-04-01)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 6145

Severity:
- Critical: 615
- High: 2408
- Medium: 2575
- Low: 237
- None: 310

Status:
- : 52
- Analyzed: 2872
- Awaiting Analysis: 2622
- Modified: 245
- Received: 185
- Rejected: 58
- Undergoing Analysis: 111

Top CNAs:
- GitHub, Inc.: 1471
- Patchstack: 699
- VulnCheck: 594
- VulDB: 577
- MITRE: 381
- Wordfence: 308
- kernel.org: 180
- Microsoft Corporation: 97
- Apple Inc.: 89
- Adobe Systems Incorporated: 86

Top Affected Products:
- UNKNOWN: 3040
- Openclaw: 173
- Google Android: 101
- Apple Macos: 79
- Google Chrome: 75
- Wwbn Avideo: 65
- Parseplatform Parse-server: 56
- Mozilla Firefox: 48
- Apple Ipados: 44
- Open-emr Openemr: 44

Top EPSS Score:
- CVE-2025-14558 - 53.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-14558)
- CVE-2026-29058 - 42.99 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-29058)
- CVE-2026-1492 - 29.00 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-1492)
- CVE-2026-2025 - 26.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2025)
- CVE-2026-2413 - 26.22 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2413)
- CVE-2026-27971 - 23.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27971)
- CVE-2023-7337 - 22.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2023-7337)
- CVE-2026-33634 - 20.84 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
- CVE-2026-2493 - 15.24 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-2493)
- CVE-2025-71260 - 9.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2025-71260)


Details

CVE ID: CVE-2025-14558
Severity: High
CVSS Score: 7.2
Type: command_injection
Status: unconfirmed
EPSS: 5359.9%
Social Posts: 1

CWE

  • CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5359.9% (Probability of exploitation in the next 30 days)