CVE-2025-14707 | Shiguangwu sgwbox N3 2.0.25 DOCKER Feature http_eshell_server params command injection

Inserito da Angelo Barbosa | Dic 14, 2025 | CVE

A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25 and classified as critical. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command injection.

This vulnerability was named CVE-2025-14707. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14707 | Shiguangwu sgwbox N3 2.0.25 DOCKER Feature http_eshell_server params command injection

Post correlati

CVE-2024-9089 | SourceCodester Modern Loan Management System 1.0 update_loan_record.php amount cross site scripting

CVE-2024-26015 | Fortinet FortiProxy/FortiOS up to 7.0.18/7.2.10/7.4.3 IP Address Validation unknown vulnerability (FG-IR-23-446)

CVE-2025-25362 | Spacy-LLM 0.7.2 template server-side request forgery

CVE-2025-9439 | 1000projects Online Project Report Submission and Evaluation System edit_faculty.php?id=2 cross site scripting