Vulnerability Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09. Honeywell also recommends updating to the most recent version of this product.
CVSS Score
9.9 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Honeywell | MB-Secure Firmware | >= 11.04, < 12.53 |
| Honeywell | MB-Secure | - |
| Honeywell | MB-Secure PRO Firmware | >= 01.06, < 03.09 |
| Honeywell | MB-Secure PRO | - |
Related Weaknesses (CWE)
References
- https://www.honeywell.com/us/en/product-security#security-notices (Vendor Advisory)
- http://seclists.org/fulldisclosure/2025/May/19
FAQ
What is CVE-2025-2605?
CVE-2025-2605 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before...
How severe is CVE-2025-2605?
CVE-2025-2605 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-2605?
Check the references section above for vendor advisories and patch information. Affected products include: Honeywell MB-Secure Firmware, Honeywell MB-Secure, Honeywell MB-Secure PRO Firmware, Honeywell MB-Secure PRO.