Description
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.
Published: 2026-03-31
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in Cato Networks Socket allows an authenticated attacker who can access the internal web interface to inject system commands. By supplying crafted input, the attacker can cause the application to execute arbitrary commands with root privileges on the Socket device, creating a full remote code execution danger reflected in the high CVSS score and the underlying CWE identifiers for input validation and command execution.

Affected Systems

The vulnerability exists in all Socket releases prior to version 25 of the Cato Networks appliance. Any deployment of those versions that exposes the web interface and allows authenticated access can be impacted.

Risk and Exploitability

The CVSS base score of 8.3 indicates high severity, and while the EPSS score is unavailable and the flaw is not listed in the KEV catalog, the impact of running arbitrary commands as root remains critical. Attackers need valid credentials to reach the web UI; once authenticated they can deliver commands that compromise the entire device. The combination of a high severity rating with authenticated access through a web interface makes this a priority for rapid remediation.

Generated by OpenCVE AI on March 31, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the Socket firmware version; if it is earlier than 25, upgrade to version 25 or later.
  • If an upgrade cannot be performed immediately, restrict web UI access to trusted administrators and apply network segmentation to limit exposure.
  • Monitor socket appliance logs for suspicious command execution attempts.
  • Stay updated by checking Cato Networks support for any vendor‑issued workarounds or patches.

Generated by OpenCVE AI on March 31, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Cato Networks
Cato Networks socket
Vendors & Products Cato Networks
Cato Networks socket

Tue, 31 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.
Title Cato's Socket WebUI is vulnerable to OS Command Injection
Weaknesses CWE-20
CWE-78
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:H'}

Subscriptions

Cato Networks Socket
cve-icon MITRE

Status: PUBLISHED

Assigner: Cato

Published:

Updated: 2026-03-31T13:21:59.364Z

Reserved: 2025-12-07T13:44:13.332Z

Link: CVE-2025-14213

cve-icon Vulnrichment

Updated: 2026-03-31T13:21:54.256Z

cve-icon NVD

Status : Received

Published: 2026-03-31T12:16:26.813

Modified: 2026-03-31T12:16:26.813

Link: CVE-2025-14213

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:38:47Z

Weaknesses