MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious
HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the
underlying operating system.
HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the
underlying operating system.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Aug 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mobile-industrial-robots
Mobile-industrial-robots mir100 Mobile-industrial-robots mir1000 Mobile-industrial-robots mir200 Mobile-industrial-robots mir250 Mobile-industrial-robots mir500 |
|
Vendors & Products |
Mobile-industrial-robots
Mobile-industrial-robots mir100 Mobile-industrial-robots mir1000 Mobile-industrial-robots mir200 Mobile-industrial-robots mir250 Mobile-industrial-robots mir500 |
Fri, 08 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 08 Aug 2025 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system. | |
Title | OS command injection in MiR robots and MiR fleet via crafted HTTP requests | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: TRO
Published:
Updated: 2025-08-08T15:36:48.048Z
Reserved: 2025-08-08T11:07:37.364Z
Link: CVE-2025-8748

Updated: 2025-08-08T15:36:44.430Z

Status : Awaiting Analysis
Published: 2025-08-08T11:15:29.243
Modified: 2025-08-08T20:30:18.180
Link: CVE-2025-8748

No data.

Updated: 2025-08-12T11:47:26Z