CVE-2025-6225 is a vulnerability classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), specifically an OS command injection flaw found in the Kieback&Peter Neutrino-GLT building management system's web component named "SM70 PHWEB." This component exposes a login form that improperly sanitizes user input, allowing an attacker to inject arbitrary shell commands. These commands execute with low privileges, which limits the potential damage but still poses a significant risk. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, increasing its accessibility to attackers. The CVSS 4.0 vector indicates an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impacts on confidentiality, integrity, and availability (VC:L, VI:L, VA:L). The vulnerability was reserved in mid-2025 and published in early 2026, with no known exploits in the wild to date. The vendor has addressed the issue in version 9.40.02 of the product. Given that Neutrino-GLT is used for building management, exploitation could lead to unauthorized command execution on systems controlling critical infrastructure elements such as HVAC, lighting, or security systems, potentially disrupting building operations or leaking sensitive information. The low privilege level of command execution reduces the risk of full system compromise but does not eliminate the threat of lateral movement or information gathering by attackers.

For European organizations, the impact of CVE-2025-6225 could be significant in environments where Neutrino-GLT is deployed to manage critical building infrastructure. Exploitation could allow attackers to execute arbitrary commands remotely without authentication, potentially leading to unauthorized access to building control systems, disruption of services such as heating, ventilation, air conditioning, or security systems, and leakage of sensitive operational data. Although the commands run with low privileges, attackers might leverage this foothold for further attacks within the network. This could affect business continuity, safety, and compliance with regulations such as GDPR if personal data or operational data are exposed. The medium severity rating reflects the balance between ease of exploitation and limited privilege execution, but the critical nature of building management systems in European commercial, governmental, and industrial facilities elevates the importance of timely remediation.

Organizations should immediately upgrade affected Neutrino-GLT systems to version 9.40.02 or later, where the vulnerability is fixed. Until patching is complete, restrict network access to the SM70 PHWEB component by implementing network segmentation and firewall rules to limit exposure to trusted management networks only. Employ intrusion detection or prevention systems to monitor for suspicious login attempts or unusual command execution patterns. Conduct regular audits of building management system logs to detect potential exploitation attempts. Additionally, enforce strict input validation and sanitization on any custom integrations with the Neutrino-GLT system. Coordinate with Kieback&Peter support for any additional security advisories or mitigations. Finally, ensure that incident response plans include scenarios involving building management system compromises.