CVE-2025-64128 is an OS command injection vulnerability classified under CWE-78 found in the Zenitel TCIV-3+ intercom system. The root cause is incomplete validation of user-supplied input, which fails to enforce adequate formatting rules, allowing attackers to append arbitrary data to commands executed by the system. This vulnerability can be exploited remotely by unauthenticated attackers, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N), meaning no privileges or user interaction are required. The vulnerability affects all versions of the product (noted as version 0, likely meaning all current versions). Successful exploitation results in complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H), enabling attackers to execute arbitrary OS commands, potentially leading to full device takeover, data theft, or service disruption. The vulnerability was reserved on 2025-10-27 and published on 2025-11-26. No public exploits are known at this time, but the critical severity and ease of exploitation make it a high-priority issue. Zenitel TCIV-3+ devices are commonly used in communication and security systems, often in industrial, public safety, and critical infrastructure environments, increasing the potential impact of this vulnerability.

The impact of CVE-2025-64128 on European organizations is severe. Given the critical nature of the vulnerability and the widespread use of Zenitel TCIV-3+ in communication systems, exploitation could lead to unauthorized command execution, full device compromise, and disruption of critical communication channels. This could affect public safety, emergency response, industrial control systems, and enterprise security operations. Confidential information could be exfiltrated, and attackers could use compromised devices as footholds for lateral movement within networks. The lack of authentication requirement and ease of exploitation increase the risk of rapid and widespread attacks. Disruption or manipulation of intercom and communication systems could have cascading effects on operational continuity and safety in sectors such as transportation, healthcare, and government facilities across Europe.

1. Immediately isolate Zenitel TCIV-3+ devices from untrusted networks to reduce exposure. 2. Monitor network traffic for unusual command execution patterns or unexpected connections originating from these devices. 3. Apply vendor patches or firmware updates as soon as they become available; maintain close communication with Zenitel for updates. 4. Implement strict input validation and filtering at network boundaries to prevent injection of malicious commands. 5. Employ network segmentation to separate critical communication devices from general IT infrastructure. 6. Use intrusion detection/prevention systems (IDS/IPS) tuned to detect command injection attempts targeting these devices. 7. Conduct regular security audits and penetration testing focused on intercom and communication systems. 8. Develop and rehearse incident response plans specific to communication system compromises. 9. Restrict physical and remote access to the devices to authorized personnel only. 10. Educate staff on the risks and signs of exploitation related to these devices.