CVE-2025-24861

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary commands on affected systems by sending specially crafted POST requests. It affects OutBack Power systems and similar industrial control equipment. Organizations using these systems for critical infrastructure are particularly at risk.

💻 Affected Systems

Products:
  • OutBack Power systems and related industrial control equipment
Versions: Specific versions not detailed in references, but likely affects multiple versions
Operating Systems: Embedded/industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with web interfaces accepting POST requests. Industrial control systems in critical infrastructure are particularly vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise allowing an attacker to execute arbitrary commands, potentially disrupting critical infrastructure operations or causing physical damage.

🟠 Likely Case: Unauthorized command execution leading to system manipulation, data theft, or service disruption.

🟢 If Mitigated: Limited impact due to network segmentation and proper input validation controls.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely without authentication via POST requests.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation appears straightforward via crafted POST requests. No authentication required based on CWE-77 (Command Injection) classification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific version not provided in references

Vendor Advisory: https://old.outbackpower.com/about-outback/contact/contact-us

Restart Required: No

Instructions:

1. Contact OutBack Power for patch information
2. Apply vendor-provided updates
3. Verify patch installation
4. Test system functionality

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate affected systems from untrusted networks and internet access

Input Validation (applies to: all)

Implement strict input validation on POST request handlers
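One way to implement the strict input validation this workaround calls for, as an added example that is not OutBack Power code: the endpoint, the parameter names (hostname, inverter_mode, charge_limit) and their formats are assumptions, since the advisory does not identify the affected handler or its fields. It applies the general CWE-77 mitigation: accept only allowlisted parameters whose values match a constrained shape, reject everything else, and hand any value to a backend process as a separate argument rather than through a shell string.

```python
"""Allowlist validation for a POST settings handler (added example, not
OutBack Power code; parameter names and value formats are assumptions)."""
import re

# RFC 1123 hostname label: letters, digits and internal hyphens only, so no
# shell metacharacter can ever be part of a valid value.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# Hypothetical enumerated mode values for an inverter setting.
INVERTER_MODES = {"grid_tied", "off_grid", "backup"}

# Every accepted parameter and the exact shape its value may take.
SCHEMA = {
    "hostname": lambda v: HOSTNAME_RE.match(v) is not None,
    "inverter_mode": lambda v: v in INVERTER_MODES,
    "charge_limit": lambda v: v.isdigit() and 0 <= int(v) <= 100,
}


def validate_settings(form):
    """Return a cleaned dict or raise ValueError.

    Unknown parameters are rejected outright instead of being passed through,
    and each known value must match its allowlist rule, so nothing resembling
    a command fragment reaches the code that acts on the request.
    """
    unknown = set(form) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unexpected parameter(s): {sorted(unknown)}")
    clean = {}
    for name, value in form.items():
        if not isinstance(value, str) or not SCHEMA[name](value):
            raise ValueError(f"invalid value for {name!r}")
        clean[name] = value
    return clean


def is_valid(form):
    """Convenience wrapper: True if validate_settings accepts the form."""
    try:
        validate_settings(form)
        return True
    except ValueError:
        return False


def hostname_argv(clean):
    """Build the backend command as an argv list, never a shell string, so the
    value is always a single argument even if it contained metacharacters.
    (hostnamectl is used here only as an illustrative target program.)"""
    return ["hostnamectl", "set-hostname", clean["hostname"]]


if __name__ == "__main__":
    print(validate_settings({"hostname": "inv01", "charge_limit": "80"}))
    print(is_valid({"hostname": "inv01;id"}))  # rejected by the allowlist
```

The handler should call validate_settings before touching any backend, and anything that runs a process should use an argv list like hostname_argv returns with shell=False; the allowlist is the primary control and the argv form is the backstop.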

🧯 If You Can't Patch

  • Implement strict network access controls and firewall rules
  • Monitor for unusual POST request patterns and command execution attempts

🔍 How to Verify

Check if Vulnerable:

Review system logs for unusual POST requests or command execution patterns. Check with the vendor for vulnerability-specific testing guidance.

Check Version:

Check system firmware/software version through vendor-specific interface or documentation

Verify Fix Applied:

Verify patch installation through vendor documentation and test with controlled POST requests.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests with command-like parameters
  • Unexpected command execution in system logs
  • Failed authentication attempts on POST endpoints

Network Indicators:

  • Unusual POST traffic to industrial control system web interfaces
  • Traffic containing shell metacharacters or command injection patterns

SIEM Query:

source="industrial_system" AND (http_method="POST" AND (url_contains="command" OR parameters_contain="&" OR parameters_contain="|" OR parameters_contain=";"))
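The SIEM query above expressed as runnable detection logic and applied to a few constructed log lines, as an added example (not from the advisory, OutBack Power or any SIEM vendor). The simple key="value" access-log format, the source name industrial_system and the request paths are assumptions; the matching rules are the query's own: POST requests from the industrial system source whose URL looks command-like or whose parameters contain the shell metacharacters &, | or ; (plus backtick and $( as a small generalization). Values are percent-decoded before inspection, so an encoded %3B is caught as the ; it becomes.

```python
"""Detection example for the SIEM query above (added here; not part of the
original advisory or any vendor tooling). Log format is an assumption."""
import re
import shlex
from urllib.parse import unquote_plus

# Constructed sample access log (not real OutBack Power logs): one request per
# line, key=value fields, values double-quoted.
SAMPLE_LOG = [
    'source="industrial_system" method=GET url="/status" body=""',
    'source="industrial_system" method=POST url="/settings" body="inverter_mode=grid_tied&charge_limit=80"',
    'source="industrial_system" method=POST url="/cgi-bin/command" body="target=10.0.0.5"',
    'source="industrial_system" method=POST url="/settings" body="hostname=inv01;id"',
    'source="industrial_system" method=POST url="/settings" body="hostname=inv01%3Bid"',
    'source="corp_web" method=POST url="/login" body="user=admin|pass=x"',
]

# Shell metacharacters named in the SIEM query (&, |, ;) plus backtick and $(,
# which command injection payloads commonly rely on.
SHELL_META = re.compile(r"[&|;`]|\$\(")
# The query's url_contains="command" check, widened to two common synonyms.
COMMAND_WORDS = re.compile(r"command|cmd|exec", re.IGNORECASE)


def parse_log_line(line):
    """Parse one key=value log line into a dict. shlex handles the quoting, so
    metacharacters inside a quoted value survive intact."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def form_params(raw):
    """Split a urlencoded form string on '&' and percent-decode each name and
    value. A raw '&' is the form separator, so only an encoded one (%26) inside
    a value is examined as a metacharacter, matching 'parameters_contain'."""
    params = []
    for pair in raw.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.append((unquote_plus(name), unquote_plus(value)))
    return params


def classify(event):
    """Return a reason string if the event matches the query's logic, else None."""
    if event.get("source") != "industrial_system" or event.get("method") != "POST":
        return None
    path, _, query = event.get("url", "").partition("?")
    if COMMAND_WORDS.search(path):
        return "command-like URL path"
    for name, value in form_params(query) + form_params(event.get("body", "")):
        if SHELL_META.search(name) or SHELL_META.search(value):
            return f"shell metacharacter in parameter {name!r}"
    return None


def scan_log(lines):
    """Return (1-based line number, reason) for every line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        reason = classify(parse_log_line(line))
        if reason:
            hits.append((number, reason))
    return hits


if __name__ == "__main__":
    for number, reason in scan_log(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

Line 6 is deliberately not flagged even though it carries a | character: the query scopes to the industrial system source, and a production rule should keep that scoping (or tune it per asset group) so that ordinary web traffic elsewhere does not flood the alert queue. Legitimate POSTs that carry these characters in free-text fields will still match, so treat a hit as a trigger for review rather than as confirmation of exploitation.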
