Aller au contenu principal

​​Security Advisories

This page is the official source for security advisories affecting Zenitel’s products; advisories reference CVE identifiers where assigned. This page and all linked advisories are publicly available at no cost, require no account or login, and are free to reuse. 

Disclosure policy: https://www.zenitel.com/security/vulnerability-disclosure  

Advisories list 

Advisory Title CVE ID(s) Published Severity 
A100K12333  VS-IS OS Command Injection CVE-2025-64126 19.12.2025 Critical (10.0) 
A100K12333  VS-IS OS Command Injection CVE-2025-64127 19.12.2025 Critical (10.0) 
A100K12333  VS-IS OS Command Injection CVE-2025-64128 19.12.2025 Critical (10.0) 
A100K12333  VS-IS Out-of-bounds Write CVE-2025-64129 19.12.2025 High (7.0) 
A100K12333  VS-IS Cross-site Scripting CVE-2025-64130 19.12.2025 Critical (9.3) 
A100K12333  VS-IS Authenticated Remote Code Execution CVE-2025-59817 19.12.2025 High (8.4) 
A100K12333  VS-IS Authenticated Remote Code Execution CVE-2025-59818 19.12.2025 Critical (10.0) 
A100K12333  ICX-AlphaCom Unauthenticated SQL-injection CVE-2025-59814 19.12.2025 High (8.8) 
A100K12333  ICX-AlphaCom Authenticated Remote Code Execution CVE-2025-59815 19.12.2025 High (8.4) 
A100K12333  ICX-AlphaCom Authenticated Union based SQL-injection CVE-2025-59816 19.12.2025 High (7.3) 
A100K12333  AlphaCom XE Authenticated Arbitrary File Read CVE-2025-59819 19.12.2025 Medium (6.5) 
A100K12333  VS-IS Authenticated Remote Code Execution CVE-2025-64090 19.12.2025 Critical (10.0) 
A100K12333  VS-IS Authenticated Remote Code Execution CVE-2025-64091 19.12.2025 High (8.6) 
A100K12333  ICX-AlphaCom/AlphaCom XE Unauthenticated SQL injection CVE-2025-64092 19.12.2025 High (7.5) 
A100K12333  ICX-AlphaCom/AlphaCom XE Unauthenticated Remote Code Execution CVE-2025-64093        19.12.2025 Critical (10.0)