What is CVE-2025-0356?

A high-severity vulnerability in NEC Corporation's Aterm WX1500HP and WX3600HP models allows attackers to execute arbitrary OS commands remotely. Immediate action is necessary to mitigate potential risks.

What is the severity of CVE-2025-0356?

CVE-2025-0356 has a severity rating of HIGH with a CVSS base score of 7.2.

CVE-2025-0356 | High Vulnerability in NEC Corporation Aterm

The vulnerability identified as CVE-2025-0356 pertains to NEC Corporation's Aterm WX1500HP and WX3600HP models. This vulnerability allows an attacker to execute arbitrary OS commands via the network, representing a significant security risk.

With a CVSS score of 7.2, classified as high severity, this vulnerability poses critical risks to organizations. The ability for an attacker to execute arbitrary commands could lead to unauthorized access, data breaches, and potential system compromise.

The attack vector is network-based with low complexity, requiring high privileges, but without the need for user interaction. The impacts on confidentiality, integrity, and availability are all rated as high.

Organizations utilizing affected models should prioritize remediation to mitigate risks associated with this vulnerability.

As of now, this vulnerability is listed as deferred, suggesting that while it is acknowledged, a formal patch may not yet be available. However, organizations should still take proactive measures to secure their systems.

Given the potential impact, it is critical for organizations to review their security posture and apply necessary mitigations.

Vulnerability Details

The official description of the vulnerability states that: NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows an attacker to execute arbitrary OS commands via the network.

This vulnerability is classified as a CWE-78, indicating a command injection issue.

The vulnerability was published on January 15, 2025, and is currently in a deferred status.

Technical Analysis

The root cause of this vulnerability is associated with insufficient input validation, allowing attackers to inject arbitrary OS commands through network inputs.

The attack vector is network-based, allowing remote exploitation without requiring physical access to the devices. The attack complexity is low, making it easier for potential attackers to exploit this vulnerability.

Exploitation requires high privileges, which means that an attacker would need access to an account with elevated permissions to successfully execute arbitrary commands.

Risk & Impact Analysis

Risk to organizations includes unauthorized command execution, which can lead to significant data loss, unauthorized access to sensitive information, and potential service outages. The blast radius for this vulnerability could affect all devices running the specified versions of the Aterm products.

Organizations should assess their exposure to this vulnerability and prioritize remediation efforts accordingly. Given the high CVSS score, it is critical to address this vulnerability in the upcoming patch cycle.

With an EPSS score of 0.00154, this vulnerability has a relatively low probability of exploitation in the wild, but organizations should not underestimate its potential impact.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier, as well as WX3600HP Ver.1.5.3 and earlier. Organizations using these versions should take immediate action to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching the affected models to the latest versions as soon as they become available. In the meantime, implementing network segmentation and access controls can help mitigate exposure.

For further guidance on vulnerability management, organizations can refer to the vulnerability management program best practices, ensuring a comprehensive approach to security.

Detection Guidance

Organizations should monitor logs for unusual command execution patterns and unauthorized access attempts. Additionally, behavioral anomalies related to user permissions should be tracked to detect potential exploitation.

AppSecure Threat Intelligence Insight

This vulnerability highlights a growing trend in network-exploitable command injection vulnerabilities. Security teams should enhance their defenses against such vulnerabilities by conducting regular security assessments and penetration testing.

For detailed guidance on mitigating similar vulnerabilities, organizations can explore our penetration testing methodology and stay informed about evolving threats.

By addressing command injection vulnerabilities proactively, organizations can significantly reduce their exposure and enhance their overall security posture.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0356: High Vulnerability in NEC Corporation Aterm