CVE-2025-3459 (GCVE-0-2025-3459)
Vulnerability from cvelistv5
Published
2025-06-08 21:02
Modified
2025-06-09 18:36
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Summary
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
cve@takeonme.orghttps://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices
cve@takeonme.orghttps://takeonme.org/cves/cve-2025-3459
Impacted products
Vendor Product Version
ON Semiconductor Quantenna Wi-Fi chipset Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:03:20.052450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:03:25.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Quantenna Wi-Fi chipset",
          "vendor": "ON Semiconductor",
          "versions": [
            {
              "lessThanOrEqual": "8.0.0.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "todb"
        }
      ],
      "datePublic": "2025-06-08T21:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
            }
          ],
          "value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-09T18:36:35.345Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://takeonme.org/cves/cve-2025-3459"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ON Semiconductor Quantenna transmit_file Argument Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2025-3459",
    "datePublished": "2025-06-08T21:02:09.918Z",
    "dateReserved": "2025-04-08T23:41:07.346Z",
    "dateUpdated": "2025-06-09T18:36:35.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3459\",\"sourceIdentifier\":\"cve@takeonme.org\",\"published\":\"2025-06-08T21:15:32.770\",\"lastModified\":\"2025-06-09T19:15:24.707\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \\\"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\\\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\"},{\"lang\":\"es\",\"value\":\"El Chipset Quantenna Wi-Fi se entrega con un script de control local, transmit_file, vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \\\"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\\\", y se estima que es CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del SDK m\u00e1s reciente y, al parecer, no se hab\u00eda corregido al momento de la publicaci\u00f3n inicial de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de pr\u00e1cticas recomendadas para los implementadores de este chipset.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@takeonme.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cve@takeonme.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"}]}],\"references\":[{\"url\":\"https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices\",\"source\":\"cve@takeonme.org\"},{\"url\":\"https://takeonme.org/cves/cve-2025-3459\",\"source\":\"cve@takeonme.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"ON Semiconductor Quantenna transmit_file Argument Injection\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ricky \\\"HeadlessZeke\\\" Lawshae of Keysight\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"todb\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ON Semiconductor\", \"product\": \"Quantenna Wi-Fi chipset\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.0.28\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-06-08T21:00:00.000Z\", \"references\": [{\"url\": \"https://takeonme.org/cves/cve-2025-3459\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \\\"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\\\" and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .\\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \\\"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\\\" and is estimated as a CVSS 7.7 (\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\\\"\u003eCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\u003c/a\u003e.\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"26969f82-7e87-44d8-9cb5-f6fb926ddd43\", \"shortName\": \"AHA\", \"dateUpdated\": \"2025-06-08T21:02:09.918Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3459\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T15:03:20.052450Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-06-09T15:03:22.422Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3459\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-08T21:02:09.918Z\", \"dateReserved\": \"2025-04-08T23:41:07.346Z\", \"assignerOrgId\": \"26969f82-7e87-44d8-9cb5-f6fb926ddd43\", \"datePublished\": \"2025-06-08T21:02:09.918Z\", \"assignerShortName\": \"AHA\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.