CVE Alert: CVE-2025-35004
Vulnerability Summary: CVE-2025-35004
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.
Affected Endpoints:
No affected endpoints listed.
Published Date:
6/8/2025, 9:15:31 PM
🔥 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://support.microhardcorp.com/portal/en/kb/articles/ipn4gii-bullet-lte-firmware
- https://takeonme.org/cves/cve-2025-35004/
- https://www.microhardcorp.com/BulletLTE-NA2.php
- https://www.microhardcorp.com/IPn4Gii-NA2.php
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
