Refine your search
1 vulnerability found for by IDIS
CVE-2025-12556 (GCVE-0-2025-12556)
Vulnerability from cvelistv5
Published
2025-11-06 15:35
Modified
2025-11-06 15:47
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IDIS | ICM Viewer |
Version: v1.6.0.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T15:45:34.696161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T15:47:08.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ICM Viewer",
"vendor": "IDIS",
"versions": [
{
"status": "affected",
"version": "v1.6.0.10"
},
{
"status": "unaffected",
"version": "v1.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vera Mens and Noam Moshe of Claroty Team82 reported this vulnerability to CISA."
}
],
"datePublic": "2025-11-04T21:54:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.\u003c/span\u003e"
}
],
"value": "An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T15:35:58.447Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIDIS recommends users to follow these guidelines:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFor users who continue to use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must access \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://icm.idisglobal.com/\"\u003ehttps://icm.idisglobal.com\u003c/a\u003e\u0026nbsp;and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003cli\u003eFor users who do not use the ICM Viewer:\u003cul\u003e\u003cli\u003eYou must immediately uninstall the program from your system.\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "IDIS recommends users to follow these guidelines:\n\n * For users who continue to use the ICM Viewer: * You must access https://icm.idisglobal.com https://icm.idisglobal.com/ \u00a0and follow the instructions provided to upgrade to version v1.7.1. IDIS requires all users to upgrade to v1.7.1. Failure to do so will render the ICM Viewer unusable.\n\n\n\n * For users who do not use the ICM Viewer: * You must immediately uninstall the program from your system."
}
],
"source": {
"advisory": "ICSA-25-308-05",
"discovery": "EXTERNAL"
},
"title": "IDIS ICM Viewer Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12556",
"datePublished": "2025-11-06T15:35:58.447Z",
"dateReserved": "2025-10-31T16:30:47.318Z",
"dateUpdated": "2025-11-06T15:47:08.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}