CVE-2025-9494 Viessmann Vitogate 300 OS Command Injection

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Specifically, the /cgi-bin/vitogate.cgi endpoint is affected, when the form JSON parameter is set to form-0-2. The vulnerability stems fro...

Viessmann Vitogate 300 安全漏洞

Viessmann Vitogate 300 is a communication gateway from Viessmann, Germany. A security vulnerability exists in the Viessmann Vitogate 300 that originates from the /cgi-bin/vitogate.cgi endpoint when the form JSON parameter is set to form-0-2, which does not clean up the input correctly, and could...