RCE in Calix Gigacenter Ont
CVE-2025-54084
OS Command ('OS Command Injection') vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows authenticated attackers with 'super' user credentials to execute arbitrary OS commands through improper input validation, potentially…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.008 (52.6th percentile) — read the EPSS interpretation.
Affected products
- Calix Gigacenter Ont — versions 844E, 844G, 844GE
Weakness classification (CWE)
Public proof-of-concept exploits
References
- help@fluidattacks.com (third-party-advisory)
- help@fluidattacks.com (related, product)
- help@fluidattacks.com (third-party-advisory)
Frequently asked questions
- What is CVE-2025-54084?
- CVE-2025-54084 is a vulnerability in Calix Gigacenter Ont, classified under OS Command Injection. Published 2025-09-09.
- Is CVE-2025-54084 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.