1. Home
  2. CVE Database
  3. CVE-2025-32455
HIGH · 7.7

CVE-2025-32455

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutraliza...

Vulnerability Description

The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
OnsemiQcs-Ax3-S5 Firmware-
OnsemiQcs-Ax3-S5-
OnsemiQcs-Ax2-A12 Firmware-
OnsemiQcs-Ax2-A12-
OnsemiQcs-Ax2-T12 Firmware-
OnsemiQcs-Ax2-T12-
OnsemiQcs-Ax2-T8 Firmware-
OnsemiQcs-Ax2-T8-
OnsemiQd840 Firmware-
OnsemiQd840-
OnsemiQhs710 Firmware-
OnsemiQhs710-
OnsemiQsr10Ga Firmware-
OnsemiQsr10Ga-
OnsemiQsr10Gu Firmware-
OnsemiQsr10Gu-
OnsemiQv840 Firmware-
OnsemiQv840-
OnsemiQv840C Firmware-
OnsemiQv840C-

Related Weaknesses (CWE)

CWE-88

References

FAQ

What is CVE-2025-32455?

CVE-2025-32455 is a vulnerability with a CVSS score of 7.7 (HIGH). The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutraliza...

How severe is CVE-2025-32455?

CVE-2025-32455 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-32455?

Check the references section above for vendor advisories and patch information. Affected products include: Onsemi Qcs-Ax3-S5 Firmware, Onsemi Qcs-Ax3-S5, Onsemi Qcs-Ax2-A12 Firmware, Onsemi Qcs-Ax2-A12, Onsemi Qcs-Ax2-T12 Firmware.