CVE-2025-7578 | Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd command injection

A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16. It has been declared as critical. This vulnerability affects the function sendCommand of the file runcmd.sh. The manipulation of the argument cmd leads to command injection.

This vulnerability was named CVE-2025-7578. The attack can be initiated remotely. There is no exploit available.

The researcher highlights, that “[a]lthough this functionality is currently disabled due to server CGI configuration errors, it is essentially a ‘time bomb’ waiting to be activated”. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7578 | Teledyne FLIR FB-Series O/FLIR FH-Series ID 1.3.2.16 runcmd.sh sendCommand cmd command injection

Post correlati

CVE-2023-46442 | Soot up to 4.4.0 retrieveActiveBody denial of service

CVE-2023-50349 | HCL Sametime up to 12.0.1 FP1 REST API cross-site request forgery (KB0109082)

CVE-2025-5406 | chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 posts.php?source=add_post image unrestricted upload

CVE-2024-7013 | Panasonic Control FPWIN Pro up to 7.7.2.0 Project File stack-based overflow