What is CVE-2026-25070?

A critical OS command injection vulnerability has been identified in the Seekswan ZikeStor SKS8310-8X Network Switch firmware. Organizations must address this vulnerability urgently to prevent unauthorized remote code execution.

What is the severity of CVE-2026-25070?

CVE-2026-25070 has a severity rating of CRITICAL with a CVSS base score of 9.3.

CVE-2026-25070 | Critical Vulnerability in Seekswan ZikeStor SKS8310-8X Network Switch

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain an OS command injection vulnerability in the /goform/PingTestSet endpoint that allows unauthenticated remote attackers to execute arbitrary operating system commands. Attackers may leverage this vulnerability by injecting malicious commands through the destIp parameter, resulting in remote code execution with root privileges on the network switch.

The CVSS score for this vulnerability is 9.3, indicating a critical severity level. This high score reflects the potential impact of the vulnerability, which includes significant confidentiality, integrity, and availability risks to affected systems. Organizations should prioritize patching immediately.

Currently, there is no public exploit confirmed for this vulnerability. However, its exploitation could lead to severe consequences, making it essential for organizations to remain vigilant.

With the public disclosure of this vulnerability, organizations using affected versions of the ZikeStor SKS8310-8X Network Switch must take immediate action to implement remediation measures.

Vulnerability Details

The vulnerability permits OS command injection through the /goform/PingTestSet endpoint, allowing attackers to execute arbitrary OS commands without authentication. It is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')).

This vulnerability was published on March 7, 2026, and affects Seekswan's ZikeStor SKS8310-8X firmware versions 1.04.B07 and prior. Organizations using these firmware versions need to be aware of the risks and take appropriate measures.

Technical Analysis

The root cause of this vulnerability lies in the insufficient validation of user input in the destIp parameter of the /goform/PingTestSet endpoint. Attackers can exploit this flaw using a network attack vector, which has low attack complexity and does not require any privileges or user interaction.

The successful exploitation of this vulnerability can lead to complete control over the affected network switch, allowing attackers to access sensitive data or disrupt services.

Risk & Impact Analysis

Risk to organizations includes unauthorized access and potential compromise of network integrity. The blast radius is extensive, considering the critical nature of network infrastructure and its role in operational continuity. Organizations should assess the urgency of remediation based on the high CVSS score and the potential impact of exploitation.

Given the critical nature of this vulnerability, organizations should prioritize patching immediately and ensure that all necessary safeguards are in place.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Seekswan ZikeStor SKS8310-8X firmware, specifically all versions prior to 1.04.B07.

Mitigation & Remediation

Organizations should implement the latest firmware updates for the ZikeStor SKS8310-8X Network Switch to mitigate this vulnerability. If a patch is not available, organizations may consider implementing network segmentation to limit exposure and enhance monitoring of network traffic.

For further insights, organizations may explore penetration testing services to assess their security posture.

Detection Guidance

Organizations should monitor for unusual command executions and verify logs for unauthorized access attempts to the network switch. Regular audits of network configurations can help identify potential misconfigurations that may expose the system to this vulnerability.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing challenges in securing network devices, particularly those exposed to untrusted networks. Security teams should prioritize understanding their environment and implementing best practices to mitigate similar vulnerabilities.

For additional context, organizations may refer to our penetration testing methodology to enhance their security assessments.

Additionally, learning about vulnerability management programs can assist organizations in proactively addressing such threats.

Organizations should also consider attending our cloud security assessment guide for insights into securing cloud environments.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-25070: Critical Vulnerability in Seekswan ZikeStor SKS8310-8X Network Switch