Description
The Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via the login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02.
References (1)
Core 1
Core References
Various Sources
https://cert.pl/en/posts/2026/01/CVE-2025-6225/
Scores
CVSS v4
6.9
EPSS
0.0095
EPSS Percentile
56.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-78
Status
published
Products (1)
Kieback&Peter/Neutrino-GLT
< 9.40.02
Published
Jan 07, 2026
Tracked Since
Feb 18, 2026