CVE-2025-64090 is a critical remote code execution vulnerability affecting Zenitel TCIS-3+ communication devices with firmware versions earlier than 9.2.3.3. The flaw arises from improper handling of the device hostname, which can be manipulated by an unauthenticated attacker to inject and execute arbitrary commands on the underlying system. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, making it highly dangerous. The CVSS 3.1 base score of 10.0 reflects the vulnerability's ease of exploitation and its complete compromise of confidentiality, integrity, and availability. The vulnerability could allow attackers to take full control of affected devices, potentially disrupting critical communication services, intercepting sensitive information, or using the compromised device as a foothold for lateral movement within an organization’s network. Although no public exploits have been observed yet, the severity and simplicity of exploitation make it a prime target for threat actors once exploits become available. Zenitel has released firmware version 9.2.3.3 to address this issue, but no direct patch links are provided in the source data. The vulnerability was reserved in late 2025 and published in early 2026 by NCSC-NL, indicating coordinated disclosure and recognition of its severity.

For European organizations, the impact of CVE-2025-64090 can be severe, especially for those relying on Zenitel TCIS-3+ devices in critical communication and security infrastructure such as public safety, transportation, and industrial control systems. Successful exploitation could lead to full device compromise, allowing attackers to disrupt communications, exfiltrate sensitive data, or pivot to other internal systems. This could result in operational downtime, loss of sensitive information, regulatory penalties under GDPR due to data breaches, and reputational damage. The critical nature of the vulnerability and the lack of required authentication increase the risk of widespread exploitation. Organizations in sectors with stringent security requirements and high availability demands are particularly vulnerable to the operational and financial consequences of this flaw.

1. Immediately upgrade all Zenitel TCIS-3+ devices to firmware version 9.2.3.3 or later to remediate the vulnerability. 2. If immediate patching is not feasible, restrict network access to TCIS-3+ devices by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks. 3. Monitor device logs and network traffic for unusual hostname changes or suspicious command execution attempts. 4. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous activity related to device management interfaces. 5. Enforce strong access controls and authentication mechanisms on management interfaces to reduce risk of exploitation through other vectors. 6. Conduct regular vulnerability assessments and penetration testing focused on communication infrastructure devices. 7. Maintain an incident response plan specifically addressing potential compromises of communication devices to minimize impact.