CVE-2026-25070: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Anhui Seeker Electronic Technology Co., LTD. XikeStor SKS8310-8X
CVE-2026-25070 is a critical OS command injection vulnerability in the Anhui Seeker Electronic Technology XikeStor SKS8310-8X network switch firmware versions 1.04.B07 and earlier. The flaw exists in the /goform/PingTestSet endpoint, where the destIp parameter is improperly sanitized, allowing unauthenticated remote attackers to execute arbitrary OS commands with root privileges. This vulnerability requires no authentication or user interaction and can lead to full system compromise, including control over network traffic and device configuration. Although no known exploits are currently reported in the wild, the high CVSS score of 9.3 reflects the severe risk posed by this issue. Organizations using affected devices should prioritize patching or apply mitigations immediately to prevent potential exploitation. The threat primarily impacts sectors and countries where these network switches are deployed, especially in critical infrastructure and enterprise networks. Due to the device’s role in network management, exploitation could disrupt availability and confidentiality of network operations.
AI Analysis
Technical Summary
CVE-2026-25070 is an OS command injection vulnerability identified in the XikeStor SKS8310-8X network switch firmware versions 1.04.B07 and earlier, produced by Anhui Seeker Electronic Technology Co., LTD. The vulnerability resides in the /goform/PingTestSet HTTP endpoint, which accepts a destIp parameter used to perform ping tests. Due to improper neutralization of special elements (CWE-78), attackers can inject arbitrary operating system commands via this parameter. The vulnerability allows unauthenticated remote attackers to execute commands with root-level privileges, effectively granting full control over the affected device. The CVSS 4.0 base score is 9.3, indicating critical severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). This means exploitation is straightforward and can cause complete compromise of the device. The vulnerability can be exploited remotely without authentication, making it highly dangerous. No patches or official fixes are currently listed, and no known exploits have been reported in the wild yet. However, the potential for attackers to gain root shell access on network infrastructure devices poses a significant risk to network security and stability. The device’s role in managing network traffic and configurations means exploitation could lead to interception, manipulation, or denial of network services.
Potential Impact
The impact of CVE-2026-25070 is severe for organizations using the affected XikeStor SKS8310-8X network switches. Successful exploitation grants attackers root-level remote code execution, enabling full control over the device. This can lead to unauthorized interception or manipulation of network traffic, disruption of network availability, and compromise of network management functions. Attackers could deploy persistent backdoors, pivot to internal networks, or launch further attacks against connected systems. Critical infrastructure, enterprise networks, and service providers relying on these switches face risks of operational disruption, data breaches, and loss of network integrity. The lack of authentication and user interaction requirements increases the likelihood of automated exploitation attempts once the vulnerability becomes widely known. The absence of patches further exacerbates the risk, potentially leading to widespread exploitation and significant damage to organizational security postures.
Mitigation Recommendations
Given the absence of official patches, organizations should immediately implement compensating controls to mitigate CVE-2026-25070. These include restricting network access to the management interface of the XikeStor SKS8310-8X switches using firewalls or access control lists (ACLs) to limit exposure to trusted IP addresses only. Network segmentation should isolate these devices from untrusted networks and the internet. Monitoring and alerting on unusual traffic patterns or command execution attempts targeting the /goform/PingTestSet endpoint can help detect exploitation attempts. Disabling or restricting the vulnerable functionality if possible, such as disabling remote ping test features or the affected endpoint, can reduce attack surface. Organizations should engage with the vendor for firmware updates or patches and plan for timely deployment once available. Additionally, conducting regular security audits and penetration testing on network devices can help identify and remediate similar vulnerabilities proactively.
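The monitoring recommendation above can be turned into a concrete check. The following is an added example, not vendor or advisory code: it assumes a proxy or sensor in front of the management interface that emits JSON log lines with `src`, `uri` and `body` fields (a constructed format), a constructed trusted management range, and that a legitimate `destIp` is an IP literal or plain DNS name.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT, PARAM = "/goform/PingTestSet", "destIp"  # both named in the advisory
# Assumption: management stations live in this range (constructed value).
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_plain_target(value):
    """True only for an IP literal or a plain DNS name."""
    if "%" in value or len(value) > 253:
        return False  # ipaddress accepts arbitrary text after an IPv6 zone '%'
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME.fullmatch(value) is not None

def scan(log_lines):
    """Return (src, reason, value) alerts for requests to the ping endpoint."""
    alerts = []
    for line in log_lines:
        rec = json.loads(line)
        url = urlsplit(rec["uri"])
        if unquote(url.path).rstrip("/") != ENDPOINT:
            continue
        src = ipaddress.ip_address(rec["src"])
        if not any(src in net for net in TRUSTED):
            alerts.append((rec["src"], "untrusted-source", ""))
        # destIp may arrive in the query string or a form-encoded body.
        params = parse_qs(url.query, keep_blank_values=True)
        body = parse_qs(rec.get("body", ""), keep_blank_values=True)
        for key, values in body.items():
            params.setdefault(key, []).extend(values)
        for value in params.get(PARAM, []):
            if not is_plain_target(value):
                alerts.append((rec["src"], "non-address-destIp", value))
    return alerts

# Constructed sample records; PLACEHOLDER stands in for any appended text.
SAMPLE = [
    '{"src": "10.20.0.5", "uri": "/goform/PingTestSet", "body": "destIp=192.0.2.10"}',
    '{"src": "10.20.0.5", "uri": "/goform/PingTestSet", "body": "destIp=192.0.2.10%3B+PLACEHOLDER"}',
    '{"src": "203.0.113.9", "uri": "/goform/PingTestSet?destIp=core-sw1.example.net", "body": ""}',
    '{"src": "10.20.0.7", "uri": "/index.html", "body": ""}',
    '{"src": "10.20.0.5", "uri": "/goform/PingTestSet", "body": "destIp=%3A%3A1%25PLACEHOLDER"}',
]
if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The check is an allowlist on the decoded value rather than a blocklist of shell metacharacters, so encodings and separators it has never seen still raise an alert.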
Affected Countries
China, United States, Germany, India, South Korea, Japan, Russia, United Kingdom, France, Brazil
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2026-01-28T21:47:35.120Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69ab78cec48b3f10ff0845ac
Added to database: 3/7/2026, 1:01:02 AM
Last enriched: 3/7/2026, 1:15:54 AM
Last updated: 3/7/2026, 3:33:36 AM