{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14213", "assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b", "state": "PUBLISHED", "assignerShortName": "Cato", "dateReserved": "2025-12-07T13:44:13.332Z", "datePublished": "2026-03-31T11:35:48.868Z", "dateUpdated": "2026-03-31T13:21:59.364Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b", "shortName": "Cato", "dateUpdated": "2026-03-31T11:35:48.868Z"}, "title": "Cato's Socket WebUI is vulnerable to OS Command Injection", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}, {"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "affected": [{"vendor": "Cato Networks", "product": "Socket", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "24 and below", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<span>Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system.</span>"}]}], "references": [{"url": "https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:21:50.775743Z", "id": "CVE-2025-14213", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:21:59.364Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14213", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T13:21:50.775743Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:21:54.256Z"}}], "cna": {"title": "Cato's Socket WebUI is vulnerable to OS Command Injection", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Cato Networks", "product": "Socket", "versions": [{"status": "affected", "version": "24 and below", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system.", "supportingMedia": [{"type": "text/html", "value": "<span>Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b", "shortName": "Cato", "dateUpdated": "2026-03-31T11:35:48.868Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14213", "state": "PUBLISHED", "dateUpdated": "2026-03-31T13:21:59.364Z", "dateReserved": "2025-12-07T13:44:13.332Z", "assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b", "datePublished": "2026-03-31T11:35:48.868Z", "assignerShortName": "Cato"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cato Networks\u2019 Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket\u2019s internal system."}], "id": "CVE-2025-14213", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "2505284f-8ffb-486c-bf60-e19c1097a90b", "type": "Secondary"}]}, "published": "2026-03-31T12:16:26.813", "references": [{"source": "2505284f-8ffb-486c-bf60-e19c1097a90b", "url": "https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection"}], "sourceIdentifier": "2505284f-8ffb-486c-bf60-e19c1097a90b", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}], "source": "2505284f-8ffb-486c-bf60-e19c1097a90b", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["linux"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,24]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Socket", "source": "cna", "vendor": "Cato Networks"}, "product": "socket", "vendor": "cato_networks"}], "analysis": {"en": {"generated_at": "2026-03-31T13:22:04.680580+00:00", "value": {"mitigation_remediation": ["Verify the Socket firmware version; if it is earlier than 25, upgrade to version\u202f25 or later.", "If an upgrade cannot be performed immediately, restrict web UI access to trusted administrators and apply network segmentation to limit exposure.", "Monitor socket appliance logs for suspicious command execution attempts.", "Stay updated by checking Cato Networks support for any vendor\u2011issued workarounds or patches."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all Socket releases prior to version\u202f25 of the Cato Networks appliance. Any deployment of those versions that exposes the web interface and allows authenticated access can be impacted.", "description_and_impact": "A flaw in Cato Networks Socket allows an authenticated attacker who can access the internal web interface to inject system commands. By supplying crafted input, the attacker can cause the application to execute arbitrary commands with root privileges on the Socket device, creating a full remote code execution danger reflected in the high CVSS score and the underlying CWE identifiers for input validation and command execution.", "risk_and_exploitability": "The CVSS base score of 8.3 indicates high severity, and while the EPSS score is unavailable and the flaw is not listed in the KEV catalog, the impact of running arbitrary commands as root remains critical. Attackers need valid credentials to reach the web UI; once authenticated they can deliver commands that compromise the entire device. The combination of a high severity rating with authenticated access through a web interface makes this a priority for rapid remediation."}}}}, "created": "2026-03-31T19:54:53.671050+00:00", "updated": "2026-03-31T20:38:47.639358+00:00", "vendors": ["cato_networks", "cato_networks$PRODUCT$socket"]}