CVE-2025-7769

HIGH

Tigo Energy's CCA - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-7769. PoCs published by Byte Reaper, byteReaper77.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 by injecting a command into the 'cmd' parameter of a POST request to the mobile_api endpoint. The PoC includes inline assembly for syscalls and uses libcurl to send the malicious payload.

Description

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary commands on the device that could cause potential unauthorized access, service disruption, and data exposure.

Exploits (2)

exploitdb WORKING POC

by Byte Reaper · cremotemultiple

https://www.exploit-db.com/exploits/52404

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 by injecting a command into the 'cmd' parameter of a POST request to the mobile_api endpoint. The PoC includes inline assembly for syscalls and uses libcurl to send the malicious payload.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tigo Energy Cloud Connect Advanced (CCA) 4.0.1

No auth needed

Prerequisites: Network access to the target device · The mobile_api endpoint must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-7769

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2025-7769, a command injection vulnerability in Tigo Energy CCA appliances. The exploit sends a crafted JSON payload to the `/cgi-bin/mobile_api` endpoint, injecting OS commands via the `cmd` parameter to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Tigo Energy CCA appliances (mobile_api endpoint)

No auth needed

Prerequisites: Network access to the target device · Exposed `/cgi-bin/mobile_api` endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, US Government Resource government-resource

https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02

Scores

CVSS v4 8.7

EPSS 0.0665

EPSS Percentile 91.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (1)

Tigo Energy/Cloud Connect Advanced < 4.0.1

Published Aug 06, 2025

Tracked Since Feb 18, 2026