cvedb.io
CVE-2025-54322
CRITICAL · CVSS 10
EPSS exploitation probability: 0%
Published 2025-12-27T14:15:49.547 · Last modified 2026-06-17T09:39:50.930

Summary

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

Affected products

xspeeder — sxzos

Does this affect you?

Add your gear to cvedb and we'll alert you only when xspeeder ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.