RCE in Calix Gigacenter Ont

CVE-2025-54084

OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.008 (52.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-54084?
CVE-2025-54084 is a vulnerability in Calix Gigacenter Ont, classified under OS Command Injection. Published 2025-09-09.
Is CVE-2025-54084 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.