Platform: php
Component: slican-ncp-ipl-ipm-ipu
Fixed in: 1.24.0190 (NCP), 6.61.0010 (IPL/IPM/IPU)
CVE-2025-14577 describes a PHP Function Injection vulnerability affecting Slican NCP/IPL/IPM/IPU devices. This vulnerability allows an unauthenticated remote attacker to execute arbitrary PHP commands, potentially leading to complete system compromise. The vulnerability impacts devices running versions 0 through 6.61.0010, and a fix is available in version 1.24.0190 for Slican NCP and 6.61.0010 for Slican IPL/IPM/IPU.
Successful exploitation of CVE-2025-14577 allows an attacker to execute arbitrary PHP code on the affected Slican device. This grants them complete control over the system, enabling actions such as data theft, modification of system configurations, installation of malware, and potentially pivoting to other systems on the network. The lack of authentication required for exploitation significantly broadens the attack surface, making the vulnerability particularly concerning. Given the potential for remote code execution, the blast radius extends to any data or services hosted on the compromised device, and the attacker could leverage the device as a launchpad for further attacks within the network.
CVE-2025-14577 has been publicly disclosed. While no known active exploitation campaigns have been reported at the time of writing, the ease of exploitation due to the lack of authentication makes it a potential target. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was published on 2026-02-24. Its inclusion in the KEV catalog is pending.
Exploit Status
EPSS: 0.11% (30th percentile)
CISA SSVC
The primary mitigation for CVE-2025-14577 is to upgrade the affected Slican NCP/IPL/IPM/IPU devices to version 1.24.0190 (NCP) or 6.61.0010 (IPL/IPM/IPU). If immediate upgrading is not possible, consider temporary workarounds such as restricting access to the /webcti/sessionajax.php endpoint with a web application firewall (WAF) or reverse proxy. Configure the WAF to block requests to that endpoint that contain suspicious PHP code or unexpected parameters. Additionally, monitor system logs for unusual PHP execution patterns and for attempts to reach the vulnerable endpoint. After upgrading, confirm the fix by verifying that the device reports the fixed firmware version and that the /webcti/sessionajax.php endpoint no longer accepts the previously exploitable request; if it still does, the vulnerability remains.
Update the firmware of your Slican NCP device to version 1.24.0190 or higher, or the firmware of your Slican IPL/IPM/IPU device to version 6.61.0010 or higher. This corrects the PHP Function Injection vulnerability.
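The mitigation above recommends monitoring logs for attempts to reach the vulnerable endpoint. The following script is an added example, not code from the advisory or from Slican: it scans web-server access-log lines, flags every request to the WebCTI endpoint (matching both spellings that appear on this page, /webcti/sessionajax.php and /webcti/session_ajax.php), and adds reasons when the source is outside a constructed allowlist of management hosts or when the decoded query string looks like PHP call syntax. The allowlist, the parameter name `cb`, the `foo(bar)` token and the log lines are all constructed sample data, and the code-like heuristic is an assumption, not a signature for this CVE.

```python
"""Triage access-log lines for requests to the Slican WebCTI endpoint.

Added example for log monitoring; not from the advisory or the vendor.
All sample data below is constructed.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Both spellings of the endpoint given on the advisory page, with or without a query string.
ENDPOINT_RE = re.compile(r"^/webcti/session_?ajax\.php(?:[?#]|$)", re.IGNORECASE)

# Combined/common log format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic (assumption): decoded query values that look like a function call
# name(...) or contain ';' or backticks deserve a closer look.
CODE_LIKE_RE = re.compile(r"\b[A-Za-z_]\w*\s*\(|[;`]")

# Constructed allowlist: management hosts permitted to reach the WebCTI interface.
ALLOWED_SOURCES = {"10.0.5.10"}

# Constructed sample log lines (timestamps, addresses and the 'cb' parameter are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Feb/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.5.10 - - [24/Feb/2026:10:02:15 +0000] "POST /webcti/session_ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Feb/2026:10:03:40 +0000] "GET /webcti/sessionajax.php?action=status HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.23 - - [24/Feb/2026:10:04:01 +0000] "GET /webcti/session_ajax.php?cb=foo%28bar%29 HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.23 - - [24/Feb/2026:10:04:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def classify(entry):
    """Return the list of reasons an entry is interesting; empty means benign."""
    reasons = []
    if not ENDPOINT_RE.match(entry["path"]):
        return reasons
    reasons.append("vulnerable-endpoint")
    if entry["ip"] not in ALLOWED_SOURCES:
        reasons.append("source-not-allowlisted")
    # Decode percent-encoding before applying the heuristic so %28 becomes '('.
    query = unquote_plus(urlsplit(entry["path"]).query)
    if CODE_LIKE_RE.search(query):
        reasons.append("code-like-query")
    return reasons


def triage(lines):
    """Return one finding per log line that touches the endpoint."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            findings.append({
                "ip": entry["ip"], "time": entry["time"], "path": entry["path"],
                "status": entry["status"], "reasons": reasons,
            })
    return findings


def summarize(findings):
    """Count findings per source address to spot repeated probing."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit["time"], hit["ip"], hit["status"], hit["path"], ",".join(hit["reasons"]))
    print("per-source counts:", dict(summarize(hits)))
```

Run against a real log by replacing `SAMPLE_LOG.splitlines()` with the file's lines; requests that carry `source-not-allowlisted` after the firmware update are the ones to investigate first, since the endpoint should only ever be reached from management hosts.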
CVE-2025-14577 is a vulnerability in Slican NCP/IPL/IPM/IPU devices allowing unauthenticated remote attackers to execute arbitrary PHP commands via the /webcti/session_ajax.php endpoint.
Yes, if you are using Slican NCP/IPL/IPM/IPU devices running versions 0–6.61.0010, you are affected by this vulnerability.
Upgrade your Slican NCP/IPL/IPM/IPU devices to version 1.24.0190 (NCP) or 6.61.0010 (IPL/IPM/IPU). As a temporary workaround, restrict access to /webcti/session_ajax.php.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation makes it a potential target.
Refer to the Slican security advisory for detailed information and updates regarding CVE-2025-14577.