Platform: php
Component: slican-ncp-ipl-ipm-ipu
Fixed versions: 1.24.0190 (NCP), 6.61.0010 (IPL/IPM/IPU)
CVE-2025-14577 describes a PHP Function Injection vulnerability affecting Slican NCP/IPL/IPM/IPU devices. This vulnerability allows an unauthenticated remote attacker to execute arbitrary PHP commands, potentially leading to complete system compromise. The vulnerability impacts devices running versions 0 through 6.61.0010, and a fix is available in version 1.24.0190 for Slican NCP and 6.61.0010 for Slican IPL/IPM/IPU.
Successful exploitation of CVE-2025-14577 allows an attacker to execute arbitrary PHP code on the affected Slican device. This grants them complete control over the system, enabling actions such as data theft, modification of system configurations, installation of malware, and potentially pivoting to other systems on the network. The lack of authentication required for exploitation significantly broadens the attack surface, making the vulnerability particularly concerning. Given the potential for remote code execution, the blast radius extends to any data or services hosted on the compromised device, and the attacker could leverage the device as a launchpad for further attacks within the network.
CVE-2025-14577 has been publicly disclosed. While no known active exploitation campaigns have been reported at the time of writing, the ease of exploitation due to the lack of authentication makes it a potential target. Public proof-of-concept (POC) code is likely to emerge, increasing the risk of exploitation. The vulnerability was published on 2026-02-24. Its inclusion in the KEV catalog is pending.
Organizations utilizing Slican NCP/IPL/IPM/IPU devices in industrial control systems or network infrastructure are particularly at risk. Legacy deployments with outdated firmware versions are especially vulnerable. Shared hosting environments where multiple users share the same Slican device could also be impacted, as an attacker could potentially exploit the vulnerability to gain access to other users' data or systems.
• linux / server: Monitor access logs for requests to /webcti/session_ajax.php containing unusual or suspicious parameters. Use journalctl to filter for PHP errors related to function injection.
journalctl -u php-fpm -g 'session_ajax.php'
• generic web: Use curl to test the /webcti/session_ajax.php endpoint with a simple PHP command as a parameter (e.g., curl 'http://<target>/webcti/session_ajax.php?cmd=phpinfo()'). A successful response indicating PHP execution confirms the vulnerability.
curl 'http://<target>/webcti/session_ajax.php?cmd=phpinfo()'
Disclosure
Exploitation status
EPSS: 0.11% (30th percentile)
CISA SSVC
The primary mitigation for CVE-2025-14577 is to upgrade the affected Slican NCP/IPL/IPM/IPU devices to version 1.24.0190 (NCP) or 6.61.0010 (IPL/IPM/IPU). If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting access to the /webcti/session_ajax.php endpoint using a web application firewall (WAF) or proxy server. Configure the WAF to block any requests containing suspicious PHP code or unexpected parameters. Additionally, monitor system logs for unusual PHP execution patterns or attempts to access the vulnerable endpoint. After upgrading, confirm the fix by attempting to access the /webcti/session_ajax.php endpoint with a crafted payload; successful access indicates the vulnerability remains.
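As an added defender-side example (not code from this advisory or from Slican), the following Python script implements both the log-monitoring step listed under detection and the WAF/proxy restriction described in the mitigation above: it scans access-log lines for requests to /webcti/session_ajax.php whose decoded query parameters look like PHP code, and it returns the per-request allow/block decision a reverse proxy or WAF could apply as an interim control. Everything beyond the endpoint path is an assumption: the Apache/nginx "combined" log format, the `cmd` parameter name taken from the curl example on this page, the management-host allowlist, and the sample log lines, which are constructed for illustration.

```python
"""Triage helpers for CVE-2025-14577 (added example, not Slican's code).

Assumptions (not stated in the advisory): the device's web server writes
Apache/nginx "combined" access logs, and a reverse proxy or WAF in front of
the device can call waf_decision() once per request. The parameter name
`cmd` and every log line below are constructed for illustration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

VULN_PATH = "/webcti/session_ajax.php"

# Shapes that suggest PHP code is being passed in a parameter value:
# a function-call form "name(", a PHP variable, a statement separator
# followed by more code, or a PHP open tag. Deliberately broad: this is a
# triage signal that will also flag some benign values, not proof of attack.
PHP_CODE_RE = re.compile(
    r"[A-Za-z_][A-Za-z0-9_]*\s*\("  # identifier followed by "("
    r"|\$[A-Za-z_]"                 # PHP variable
    r"|;\s*\w"                      # ";" then further code
    r"|<\?(php)?",                  # PHP open tag
)

# Apache/nginx combined log prefix: ip ident user [ts] "METHOD target PROTO" status
COMBINED_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# Constructed sample lines: two suspicious requests (one plain, one
# double-URL-encoded), one benign request to the endpoint, one other page.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Feb/2026:10:01:12 +0000] "GET /webcti/session_ajax.php?cmd=phpinfo() HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.9 - - [24/Feb/2026:10:01:40 +0000] "GET /webcti/session_ajax.php?cmd=phpinfo%2528%2529 HTTP/1.1" 200 5120 "-" "python-requests/2.31"',
    '192.0.2.20 - - [24/Feb/2026:10:02:05 +0000] "GET /webcti/session_ajax.php?session=refresh HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [24/Feb/2026:10:02:09 +0000] "GET /index.php?page=status HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]


def looks_like_php_injection(query: str) -> bool:
    """True if any query parameter value, once fully decoded, looks like PHP code."""
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decoded one layer; decode again so a
        # double-encoded value is inspected in its final form.
        if PHP_CODE_RE.search(unquote(value)):
            return True
    return False


def scan_access_log(lines):
    """Return (ip, timestamp, target, status) for requests to the vulnerable
    endpoint whose parameters look like PHP code."""
    hits = []
    for line in lines:
        m = COMBINED_LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        if looks_like_php_injection(parts.query):
            hits.append((m.group("ip"), m.group("ts"), m.group("target"), int(m.group("status"))))
    return hits


def waf_decision(target: str, client_ip: str, admin_allowlist=frozenset()) -> str:
    """Interim restriction for a WAF/proxy in front of an unpatched device.

    Only hosts on the (assumed) management allowlist may reach the endpoint,
    and even for them a request whose parameters look like PHP code is refused.
    Requests to any other path are left alone.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return "allow"
    if client_ip not in admin_allowlist:
        return "block"
    if looks_like_php_injection(parts.query):
        return "block"
    return "allow"


if __name__ == "__main__":
    for ip, ts, target, status in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} -> {target} (HTTP {status})")
```

Running the script prints the two suspicious sample requests and skips the benign one; `waf_decision` can be wired into whatever hook the proxy offers. Treat the regex as a starting point: it will flag some legitimate values, so review hits against the device's expected parameter set before acting on them.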
Update the firmware of Slican NCP devices to version 1.24.0190 or later, or the firmware of Slican IPL/IPM/IPU devices to version 6.61.0010 or later. This fixes the PHP Function Injection vulnerability.
CVE-2025-14577 is a vulnerability in Slican NCP/IPL/IPM/IPU devices allowing unauthenticated remote attackers to execute arbitrary PHP commands via the /webcti/session_ajax.php endpoint.
Yes, if you are using Slican NCP/IPL/IPM/IPU devices running versions 0–6.61.0010, you are affected by this vulnerability.
Upgrade your Slican NCP/IPL/IPM/IPU devices to version 1.24.0190 (NCP) or 6.61.0010 (IPL/IPM/IPU). As a temporary workaround, restrict access to /webcti/session_ajax.php.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation makes it a potential target.
Refer to the Slican security advisory for detailed information and updates regarding CVE-2025-14577.