CVE-2025-14213 Cato's Socket WebUI is vulnerable to OS Command Injection

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

CVE-2025-14213

Cato Networks Socket WebUI (versions prior to 25) is affected by an OS command injection vulnerability. An authenticated attacker with access to the Socket web interface can run arbitrary OS commands as root on the Socket’s internal system. The issue is network-exposed with low attack complexity,...