CVE-2025-64093 is a remote code execution (RCE) vulnerability identified in the Zenitel ICX500 intercom system, specifically affecting firmware versions earlier than 1.4.3.3. The vulnerability arises from improper input validation in the hostname configuration parameter, allowing unauthenticated attackers to inject arbitrary commands. Because the hostname field is processed by the system without sufficient sanitization, attackers can craft malicious payloads that execute arbitrary code with system-level privileges. This flaw requires no authentication or user interaction, making it trivially exploitable over the network by any attacker who can reach the device. The vulnerability's CVSS 3.1 base score is 10.0, reflecting its critical nature with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and complete impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component, potentially compromising the entire device. Although no public exploits have been reported yet, the severity and ease of exploitation make this a high-priority issue. The ICX500 is commonly deployed in enterprise and public safety environments for secure communication, meaning exploitation could lead to unauthorized access, data leakage, service disruption, or pivoting into internal networks. The vulnerability was reserved on 2025-10-27 and published on 2026-01-09 by NCSC-NL, indicating coordinated disclosure. No official patches or mitigation links are currently provided, emphasizing the need for vigilance and interim protective measures.

For European organizations, the impact of CVE-2025-64093 is substantial. The Zenitel ICX500 is widely used in critical infrastructure sectors such as transportation, public safety, and industrial facilities across Europe. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands, disrupt communication services, exfiltrate sensitive information, or use the device as a foothold for lateral movement within corporate or governmental networks. This could result in operational downtime, loss of sensitive data, reputational damage, and potential safety hazards if emergency communication systems are affected. Given the device’s role in secure communications, the confidentiality and integrity of communications could be severely undermined. The vulnerability’s unauthenticated nature and network accessibility increase the risk of widespread exploitation, especially in environments where ICX500 devices are internet-facing or insufficiently segmented. The lack of current patches means organizations must rely on compensating controls to reduce exposure until updates are available.

1. Immediately identify all Zenitel ICX500 devices in your network and verify their firmware versions. 2. Apply the official firmware update to version 1.4.3.3 or later as soon as it becomes available from Zenitel. 3. Until patches are deployed, restrict network access to ICX500 devices by implementing strict firewall rules and network segmentation to isolate these devices from untrusted networks, including the internet. 4. Disable any unnecessary services or management interfaces on the ICX500 devices to reduce the attack surface. 5. Monitor network traffic and device logs for unusual hostname changes or command injection attempts, using intrusion detection systems tuned for this vulnerability. 6. Employ network-level anomaly detection to identify exploitation attempts targeting the hostname parameter. 7. Conduct regular vulnerability scans and penetration tests focusing on ICX500 devices to ensure no residual exposure. 8. Establish an incident response plan specific to this vulnerability, including rapid containment and remediation procedures. 9. Coordinate with Zenitel support and subscribe to their security advisories for timely updates and patches. 10. Educate relevant IT and security personnel about the vulnerability and its exploitation vectors to enhance detection and response capabilities.