Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://cert.pl/en/posts/2026/01/CVE-2025-6225/ |
Configurations
No configuration.
History
No history.
Information
Published : 2026-01-07 14:15
Updated : 2026-01-08 18:08
NVD link : CVE-2025-6225
Mitre link : CVE-2025-6225
CVE.ORG link : CVE-2025-6225
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')