RUGGEDCOM ROX Series RCE via unsanitized Feature Key Install (<V2.17.1)
CVE-2025-40947 Published on May 12, 2026
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All versions < V2.17.1), RUGGEDCOM ROX RX1524 (All versions < V2.17.1), RUGGEDCOM ROX RX1536 (All versions < V2.17.1), RUGGEDCOM ROX RX5000 (All versions < V2.17.1). Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system.
Weakness Type
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2025-40947 has been classified to as a Shell injection vulnerability or weakness.
Affected Versions
Siemens RUGGEDCOM ROX MX5000:- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
- Before V2.17.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.