
CVE-2025-9972: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Planet Technology ICG-2510WG-LTE (EU/US)

Critical
Published: Wed Sep 17 2025 (09/17/2025, 07:01:52 UTC)
Source: CVE Database V5
Vendor/Project: Planet Technology
Product: ICG-2510WG-LTE (EU/US)

Description

The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

AI-Powered Analysis

Last updated: 09/17/2025, 10:27:46 UTC

Technical Analysis

CVE-2025-9972 is a critical OS Command Injection vulnerability (CWE-78) identified in the Planet Technology ICG-2510WG-LTE device, specifically impacting the N-Reporter, N-Cloud, and N-Probe components developed by N-Partner. This vulnerability allows an authenticated remote attacker to inject arbitrary operating system commands and execute them on the affected server. The vulnerability is notable for its high CVSS 4.0 base score of 9.3, indicating a critical severity level. The CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) suggests that the attack can be performed remotely over the network without any privileges or user interaction, and it results in high impact on confidentiality, integrity, and availability. The vulnerability arises from improper neutralization of special elements used in OS commands, allowing malicious input to be interpreted as executable commands by the underlying operating system. Although no known exploits are currently reported in the wild, the lack of patches or mitigation links indicates that the vulnerability remains unpatched and exploitable. The affected product, ICG-2510WG-LTE, is deployed in both EU and US markets, which implies a broad geographical footprint. Given the nature of the device (likely a network communication or IoT gateway device with LTE capabilities), exploitation could lead to full system compromise, data exfiltration, disruption of network services, or pivoting attacks within the victim’s network environment.

Potential Impact

For European organizations, the impact of this vulnerability could be severe. The ICG-2510WG-LTE device is likely used in critical communication infrastructures, industrial environments, or enterprise networks that rely on LTE connectivity for remote monitoring and management. Successful exploitation could lead to unauthorized command execution, enabling attackers to disrupt services, steal sensitive data, or establish persistent footholds within networks. This could affect sectors such as telecommunications, manufacturing, utilities, and other industries that depend on reliable LTE-enabled devices. The high severity and ease of exploitation (no privileges or user interaction required) increase the risk of widespread attacks, potentially causing operational downtime, financial losses, and reputational damage. Additionally, compromised devices could be leveraged as entry points for broader cyberattacks targeting European organizations, complicating incident response and recovery efforts.

Mitigation Recommendations

Given the critical nature of CVE-2025-9972 and the absence of available patches, European organizations should implement the following specific mitigations:

1) Immediately restrict network access to the affected devices by implementing strict firewall rules and network segmentation to limit exposure to trusted management networks only.
2) Enforce strong authentication mechanisms and monitor authentication logs to detect any unauthorized access attempts, as exploitation requires authentication.
3) Conduct thorough inventory and asset management to identify all deployed ICG-2510WG-LTE devices and prioritize their protection.
4) Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics capable of detecting command injection attempts targeting these devices.
5) Engage with Planet Technology and N-Partner for timely updates or patches and apply them as soon as they become available.
6) Implement application-layer filtering or input validation proxies where feasible to sanitize inputs to the vulnerable components.
7) Prepare incident response plans specific to this vulnerability, including monitoring for unusual command execution patterns and isolating affected devices promptly.

These steps go beyond generic advice by focusing on network-level containment, proactive monitoring, and vendor engagement.


Technical Details

Data Version: 5.1
Assigner Short Name: twcert
Date Reserved: 2025-09-04T07:06:17.436Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ca8d1320342ce327dbd2eb

Added to database: 9/17/2025, 10:27:31 AM

Last enriched: 9/17/2025, 10:27:46 AM

Last updated: 9/17/2025, 12:59:09 PM
