CVE-2025-3626 is a critical OS command injection vulnerability (CWE-78) found in the Frauscher FDS102 product, specifically version 2.8.0. This vulnerability arises due to improper neutralization of special elements in OS commands when uploading configuration files via the device's web user interface (webUI). An attacker with an administrator account on the device can exploit this flaw to execute arbitrary OS commands remotely. Because the vulnerability allows command injection, the attacker can gain full control over the affected device, compromising confidentiality, integrity, and availability. The vulnerability requires authenticated access with administrator privileges but does not require user interaction beyond the upload process. The CVSS v3.1 score of 9.1 reflects the critical severity, with network attack vector, low attack complexity, high privileges required, no user interaction, and a scope change indicating that the impact extends beyond the vulnerable component. The vulnerability was reserved in April 2025 and published in July 2025, with no known exploits in the wild yet. Frauscher FDS102 is a specialized product used in railway detection systems, which are critical infrastructure components. The lack of a patch link suggests that a fix may not yet be publicly available, increasing the urgency for mitigation.

For European organizations, especially those involved in railway infrastructure and transportation sectors, this vulnerability poses a significant risk. The Frauscher FDS102 is deployed in railway detection and signaling systems, which are critical for safe and efficient train operations. Exploitation could lead to unauthorized control of these devices, potentially disrupting railway operations, causing safety hazards, and leading to service outages. The compromise of such systems could also result in data breaches or manipulation of operational data, undermining trust and regulatory compliance. Given the critical nature of railway infrastructure in Europe and the increasing reliance on digital control systems, this vulnerability could have cascading effects on transportation networks, economic activities, and public safety. The requirement for administrator credentials limits the attack surface but insider threats or credential compromise scenarios remain realistic. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as threat actors may develop exploits following public disclosure.

Organizations using Frauscher FDS102 version 2.8.0 should immediately review and restrict administrator access to the device's webUI, enforcing strong authentication mechanisms and monitoring for suspicious login activity. Network segmentation should be implemented to isolate these devices from general IT networks and limit exposure to untrusted networks. Until a vendor patch is available, consider disabling the configuration file upload feature if operationally feasible or implementing strict input validation proxies or web application firewalls to detect and block malicious payloads targeting the upload functionality. Regularly audit and rotate administrator credentials to reduce the risk of credential compromise. Additionally, implement comprehensive logging and alerting on device management activities to detect potential exploitation attempts early. Engage with Frauscher support for updates on patch availability and apply security updates promptly once released. Conduct penetration testing focused on this vulnerability to validate mitigations and assess residual risk.