CVE-2026-25721

HIGH

XWEB Pro <1.12.1 - Command Injection

Title source: llm

Description

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.

References (3)

[Third Party Advisory] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json

View Writeup ZIP pw:eip

[Various Sources] https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10

Scores

CVSS v3 8.0

EPSS 0.0014

EPSS Percentile 34.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (3)

copeland/xweb_300d_pro_firmware < 1.12.1

copeland/xweb_500d_pro_firmware < 1.12.1

copeland/xweb_500b_pro_firmware < 1.12.1

Timeline

Published Feb 27, 2026

Tracked Since Feb 27, 2026