Primary

Context

Ericsson EMCLI Arbitrary Code Execution Vulnerability

Vulnerability

Patched

A high severity vulnerability has been identified in the Ericsson EMCLI component, present in all versions prior to 24.Q1.C5 for RAN Compute and all versions prior to S24.Q2 for Site Controller 6610. This vulnerability arises from improper neutralization of special elements used in operating system commands, which could be exploited to achieve arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users can upgrade to version 24.Q1.C5, 24.Q2, 24.Q3, 24.Q4, 25.Q1, RCG123.1, RCG123.2, or RCG123.3 for RAN Compute. For Site Controller 6610, users should upgrade to S24.Q2, S24.Q3.1, S24.Q4, or S25.Q1.

Added: Oct 13, 2025, 7:22 AM

Updated: Oct 13, 2025, 7:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Ericsson EMCLI Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Ericsson RAN Compute

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating