Vulnerabilites related to Telex - Remote Dispatch Console Server
CVE-2025-29902 (GCVE-0-2025-29902)
Vulnerability from cvelistv5
Published
2025-06-13 09:23
Modified
2025-06-13 12:22
Severity ?
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
Remote code execution that allows unauthorized users to execute arbitrary code on the server machine.
Impacted products
Vendor Product Version
Telex Remote Dispatch Console Server Version: 1.0.0   < 1.3.0
Create a notification for this product.
   RTS VLink Virtual Matrix Software Version: 5
Version: 6.0.0   < 6.6.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T12:22:39.127595Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T12:22:47.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "Remote Dispatch Console Server",
          "vendor": "Telex",
          "versions": [
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows"
          ],
          "product": "VLink Virtual Matrix Software",
          "vendor": "RTS",
          "versions": [
            {
              "status": "affected",
              "version": "5"
            },
            {
              "lessThan": "6.6.0",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote code execution that allows unauthorized users to execute arbitrary code on the server machine."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-13T09:23:49.631Z",
        "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "shortName": "bosch"
      },
      "references": [
        {
          "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-992447.html",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-992447.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
    "assignerShortName": "bosch",
    "cveId": "CVE-2025-29902",
    "datePublished": "2025-06-13T09:23:49.631Z",
    "dateReserved": "2025-03-12T09:44:43.587Z",
    "dateUpdated": "2025-06-13T12:22:47.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}