CVE-2025-29269 is an operating system command injection vulnerability identified in the ALLNET ALL-RUT22GW router firmware version 3.3.8. The vulnerability exists in the handling of the 'command' parameter within the popen.cgi endpoint, which is used to execute system commands. Due to insufficient input validation or sanitization, an attacker can inject arbitrary OS commands that the device executes with the privileges of the web server process. This flaw enables remote attackers to execute arbitrary commands on the device without requiring authentication or user interaction, potentially leading to full device compromise. The vulnerability was reserved in March 2025 and published in December 2025, with no CVSS score assigned yet and no patches publicly available at the time of reporting. No known exploits have been observed in the wild, but the nature of the vulnerability suggests it could be exploited by attackers to gain control over the router, manipulate network traffic, or pivot into internal networks. The ALLNET ALL-RUT22GW is commonly used in enterprise and industrial environments, making this vulnerability particularly concerning for organizations relying on these devices for network connectivity and security.

For European organizations, exploitation of this vulnerability could result in severe consequences including unauthorized remote control of network routers, interception or manipulation of network traffic, and potential lateral movement within corporate networks. This could lead to data breaches, disruption of business operations, and compromise of sensitive information. Critical infrastructure sectors such as energy, manufacturing, and telecommunications that utilize ALLNET routers may face operational disruptions or targeted attacks. The ability to execute arbitrary commands without authentication increases the risk of automated exploitation campaigns. Additionally, compromised routers could be used as footholds for launching further attacks against internal systems or as part of botnets for distributed denial-of-service (DDoS) attacks. The absence of patches and the potential for widespread deployment of vulnerable devices amplify the threat to European enterprises and public sector organizations.

Organizations should immediately inventory their network devices to identify any ALLNET ALL-RUT22GW routers running firmware version 3.3.8. Until an official patch is released, it is critical to restrict access to the router management interface by implementing network segmentation and firewall rules that limit access to trusted administrators only. Disable remote management interfaces if not required. Employ intrusion detection systems to monitor for suspicious activity targeting the popen.cgi endpoint or unusual command execution patterns. Regularly update device firmware as soon as vendors release patches addressing this vulnerability. Additionally, consider deploying network-level protections such as web application firewalls (WAFs) that can detect and block command injection attempts. Conduct thorough security assessments and penetration testing to identify any exploitation attempts. Finally, establish incident response plans specifically addressing potential router compromises to minimize impact.