CVE-2025-11571

LOW

Silicon Labs Simplicity Studio v5 < 5.11.2.1 - Same-Network Command Execution

Title source: manual

Description

Vulnerable endpoints accept user-controlled input through a URL in JSON format, which enables command execution. The commands that are allowed to execute can open executables, but they cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the same network.

References (1)

Core References
Vendor Advisory (tags: permissions-required, vendor-advisory)
https://community.silabs.com/068Vm00000htltZ

Scores

CVSS v4 2.1
EPSS 0.0044
EPSS Percentile 35.2%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-78
Status published
Products (2)
silabs.com/Simplicity Installer tool (Silicon Labs Tool - SLT) for Simplicity Studio v6 < 1.0.1
silabs.com/Simplicity Studio v5 < 5.11.2.1
Published Mar 24, 2026
Tracked Since Mar 24, 2026