CVE-2025-14577

🗓️ 24 Feb 2026 13:21:06Reported by CERT-PLType

Unauthenticated attacker can execute PHP commands via a web endpoint on Slican devices; fixed in specific versions.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-14577	24 Feb 202611:55	–	circl
CNNVD	Slican多款产品访问控制错误漏洞	24 Feb 202600:00	–	cnnvd
Cvelist	CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU	24 Feb 202613:21	–	cvelist
EUVD	EUVD-2025-208088	24 Feb 202613:21	–	euvd
NVD	CVE-2025-14577	24 Feb 202614:16	–	nvd
OSV	CVE-2025-14577	24 Feb 202614:16	–	osv
Positive Technologies	PT-2026-21683	24 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-14577	25 Feb 202616:17	–	redhatcve
Vulnrichment	CVE-2025-14577 PHP Function Injection in Slican NPC/IPL/IPM/IPU	24 Feb 202613:21	–	vulnrichment

NVD

Vulners

Node

slican ncp_firmwareRange<1.24.0190

AND

slican ncp_server_cm300pMatch-

slican ncp_server_cm300p.1bcMatch-

slican ncp_server_cm400p.1bcMatch-

slican ncp_server_cm600p.1bcMatch-

Node

slican ipl-256_firmwareRange<6.61.0010

AND

slican ipl-256.3uMatch-

slican ipl-256.wmMatch-

Node

slican ipm-032_firmwareRange<6.61.0010

AND

slican ipm-032.2uMatch-

slican ipm-032.wmMatch-

Node

slican ipu-14_firmwareRange<6.61.0010

AND

slican ipu-14.103.wmMatch-

slican ipu-14.105.1uMatch-

slican ipu-14.105.wmMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "NCP",
    "vendor": "Slican",
    "versions": [
      {
        "lessThan": "1.24.0190",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "IPL",
    "vendor": "Slican",
    "versions": [
      {
        "lessThan": "6.61.0010",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "IPM",
    "vendor": "Slican",
    "versions": [
      {
        "lessThan": "6.61.0010",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "IPU",
    "vendor": "Slican",
    "versions": [
      {
        "lessThan": "6.61.0010",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
slican	www.slican.pl/oferta/centrale-telefoniczne/
cert	www.cert.pl/posts/2026/02/CVE-2025-14577

17 Jun 2026 08:36Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

CVSS 49.3

EPSS0.00389

SSVC

CWE-306