Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.

Published: May 5, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-25504
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-287
CWE-77

OWASP TOP 10:

A2 - Broken Authentication
A1 - Injection

Affected Software
References

Software	From	Fixed in
niceforyou / gefen_webfwc	1.70v	1.70v.x
niceforyou / gefen_webfwc	1.85h	1.85h.x
niceforyou / gefen_webfwc	1.86v	1.86v.x

http://gefen.com
https://www.troy-wilson.com/cve-2025-25504.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo