Vulnerability in Simcom Sim7600g Modem

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interact…

EPSS: 0.003 (17.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-26412?
CVE-2025-26412 is a medium-severity vulnerability in Simcom Sim7600g Modem, classified under Hidden Functionality. CVSS score: 6.8/10. Published 2025-06-11.
How severe is CVE-2025-26412?
Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2025-26412 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.