CVE-2025-9494 | Viessmann Vitogate 300 3.0.x /cgi-bin/vitogate.cgi popen form os command injection

A vulnerability classified as critical was found in Viessmann Vitogate 300 3.0.x. The affected element is the function popen of the file /cgi-bin/vitogate.cgi. The manipulation of the argument form results in os command injection.

This vulnerability is cataloged as CVE-2025-9494. The attack must originate from the local network. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More