ГлавнаяУязвимости → CVE-2025-14577
9.8критическая

CVE-2025-14577

Описание

Slican NCP/IPL/IPM/IPU devices are vulnerable to PHP Function Injection. An unauthenticated remote attacker is able to execute arbitrary PHP commands by sending specially crafted requests to /webcti/session_ajax.php endpoint. This issue was fixed in version 1.24.0190 (Slican NCP) and 6.61.0010 (Slican IPL/IPM/IPU).

Затрагиваемое ПО
Slican Ncp firmwareSlican Ncp server cm300pSlican Ncp server cm300p.1bcSlican Ncp server cm400p.1bcSlican Ncp server cm600p.1bcSlican Ipl-256 firmwareSlican Ipl-256.3uSlican Ipl-256.wmSlican Ipm-032 firmwareSlican Ipm-032.2uSlican Ipm-032.wmSlican Ipu-14 firmwareSlican Ipu-14.103.wmSlican Ipu-14.105.1uSlican Ipu-14.105.wm
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://cert.pl/posts/2026/02/CVE-2025-14577https://www.slican.pl/oferta/centrale-telefoniczne/