CVE-2025-54322

CRITICAL

Xspeeder SXZOS < 2025-12-26 - Unauthenticated Remote Code Execution via Base64-Encoded Python Code in chkid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-54322. PoCs published by Sachinart and nkuty.

AI-analyzed exploit summary: Of the two public repositories, Sachinart's is a multi-threaded scanner that identifies vulnerable XSpeeder SXZOS hosts by sending crafted requests and validating the responses, and contains no RCE exploit code; nkuty's is a working exploit against the unsafe eval() that provides an interactive shell and a reverse shell, extracting command output from Django debug pages.

Description

Xspeeder SXZOS through 2025-12-26 allows unauthenticated remote code execution as root: the chkid parameter of vLogin.py carries base64-encoded Python code that the endpoint decodes and evaluates. The title and oIP parameters are also used in the request.
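The mechanism above (base64-encoded Python in the chkid parameter of vLogin.py, decoded and evaluated server-side) gives defenders something concrete to hunt for in web-server access logs. The following is an added example written for this page, not code from Xspeeder or from either PoC repository: it parses combined-format access log lines, isolates requests to vLogin.py, base64-decodes each chkid value and flags values that parse as Python and reference an import or OS-execution name. Only the endpoint and parameter names come from the advisory; the log format, client addresses and payload are constructed for the example.

```python
"""Hunt for CVE-2025-54322 exploitation attempts in web-server access logs.

Added example for this page, not code from Xspeeder or either PoC repository.
Only the endpoint (vLogin.py) and parameter names (chkid, title, oIP) come
from the advisory; log format, addresses and payloads are constructed.
"""
import ast
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlsplit

# Constructed payload: base64 of a one-line Python snippet of the kind the
# advisory describes (the real PoCs' payloads are not reproduced here).
_PAYLOAD_B64 = base64.b64encode(b"__import__('os').system('id')").decode()

# Constructed combined-format log lines: one exploit attempt, one benign
# base64 token in chkid ("session123"), and one unrelated request.
SAMPLE_LOG = "\n".join([
    f'203.0.113.7 - - [26/Dec/2025:10:01:02 +0000] "GET /vLogin.py?chkid={quote(_PAYLOAD_B64)}&title=x&oIP=10.0.0.1 HTTP/1.1" 500 2048',
    '198.51.100.3 - - [26/Dec/2025:10:01:05 +0000] "GET /vLogin.py?chkid=c2Vzc2lvbjEyMw%3D%3D&title=login&oIP=10.0.0.1 HTTP/1.1" 200 512',
    '192.0.2.9 - - [26/Dec/2025:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1024',
])

# Request line inside a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Names whose presence in decoded chkid text indicates code execution rather
# than an ordinary token that merely happens to be valid base64.
RISKY_NAMES = {"__import__", "eval", "exec", "os", "subprocess", "socket",
               "open", "system", "popen"}


def decode_chkid(value):
    """Return chkid decoded as text, or None if it is not strict base64 UTF-8."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def looks_like_python(code):
    """True if the text parses as Python and references a name in RISKY_NAMES."""
    try:
        tree = ast.parse(code)
    except (SyntaxError, ValueError):
        return False
    names = {n.id for n in ast.walk(tree) if isinstance(n, ast.Name)}
    attrs = {n.attr for n in ast.walk(tree) if isinstance(n, ast.Attribute)}
    return bool((names | attrs) & RISKY_NAMES)


def scan_log(text):
    """Return (client_ip, decoded_payload) for vLogin.py requests whose chkid
    decodes to Python code. Benign base64 tokens are left unflagged."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/vLogin.py"):
            continue
        for value in parse_qs(url.query).get("chkid", []):
            decoded = decode_chkid(value)
            if decoded is not None and looks_like_python(decoded):
                hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for client, payload in scan_log(SAMPLE_LOG):
        print(f"{client} sent Python via chkid: {payload!r}")
```

Requests that carry the parameters in a POST body will not appear in an access log that records only the request line, so the check is only as good as the logging in front of the device. A payload that decodes to Python but uses none of the names in RISKY_NAMES is also left unflagged; that keeps the check quiet on ordinary base64 tokens at the cost of missing heavily obfuscated payloads, so widen the set to taste. Note also that turning off Django DEBUG on the device only removes the output channel the working PoC uses to read command results; it does not remove the eval() itself.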

Exploits (2)

nomisec SCANNER 8 stars
by Sachinart · poc
https://github.com/Sachinart/CVE-2025-54322

This repository contains a multi-threaded vulnerability scanner for CVE-2025-54322, which targets an unauthenticated remote code execution vulnerability in XSpeeder SXZOS firmware. The scanner detects vulnerable hosts by sending crafted requests and validating responses, but does not include exploit code for actual RCE.

Classification
Scanner 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: XSpeeder SXZOS Firmware
No auth needed
Prerequisites: Python 3.7+ · requests library · urllib3 library · list of target URLs
devstral-2 · analyzed Feb 19, 2026
nomisec WORKING POC 2 stars
by nkuty · poc
https://github.com/nkuty/CVE-2025-54322-exploit

This repository contains a functional exploit for CVE-2025-54322, targeting an unsafe `eval()` vulnerability in XSpeeder SXZOS firmware. The exploit provides an interactive shell and reverse shell capabilities, leveraging Django debug pages for command output extraction.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: XSpeeder SXZOS Firmware (SD-WAN / Edge Routers)
No auth needed
Prerequisites: Python 3.x · requests library · target with Django DEBUG mode enabled (the interactive shell reads command output from the Django debug error page; the reverse-shell mode returns output over its own connection and does not depend on DEBUG)
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 10.0
EPSS 0.1399
EPSS Percentile 96.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-95 CWE-94
Status published
Products (1)
xspeeder/sxzos < 2025-12-26
Published Dec 27, 2025
Tracked Since Feb 18, 2026