PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-46271 Planet Technology CVE debrief

CVE-2025-46271 is a critical, network-reachable command-injection vulnerability affecting Planet Technology network management products. According to CISA’s CSAF advisory, an unauthenticated attacker could read or manipulate device data on affected systems. Vendor patches are available, and the advisory was initially published on 2025-04-24 and later revised on 2025-05-06 for typo fixes only.

Vendor: Planet Technology
Product: UNI-NMS-Lite
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-24
Original CVE updated: 2025-05-06
Advisory published: 2025-04-24
Advisory updated: 2025-05-06

Who should care

Organizations running Planet Technology UNI-NMS-Lite, NMS-500, or NMS-1000V should treat this as urgent, especially teams responsible for OT/ICS network management, appliance administration, and perimeter exposure reviews. Security teams should also care because the issue is unauthenticated and has a critical CVSS 9.1 score.

Technical summary

CISA’s advisory describes a command-injection issue in Planet Technology UNI-NMS-Lite, NMS-500, and NMS-1000V. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating a remotely reachable flaw requiring no privileges or user interaction, with high confidentiality and integrity impact. The advisory’s narrative text mentions NMS-1000, while the affected-products list specifically names NMS-1000V; the affected-products list is the authoritative product listing in the supplied CSAF.

Defensive priority

Highest priority. The combination of unauthenticated network access and critical impact warrants immediate patching, exposure review, and compensating controls until remediation is complete.

Recommended defensive actions

  • Apply the vendor patches listed in the CISA advisory for UNI-NMS-Lite, NMS-500, and NMS-1000V as soon as feasible.
  • Inventory Planet Technology deployments and confirm whether any affected versions are present, including UNI-NMS-Lite <=1.0b211018 and NMS-500/NMS-1000V installations.
  • Restrict network access to management interfaces and limit exposure to trusted administrative networks only.
  • Review logs and device configuration for unexpected changes or command execution activity around the advisory date and after.
  • Follow CISA ICS recommended practices and general defense-in-depth guidance while remediation is underway.

Evidence notes

Primary evidence comes from the CISA CSAF advisory ICSA-25-114-06 (published 2025-04-24, revised 2025-05-06). The CSAF lists affected products as Planet Technology UNI-NMS-Lite <=1.0b211018, NMS-500 vers:all/*, and NMS-1000V vers:all/*. The advisory description states that UNI-NMS-Lite, NMS-500, and NMS-1000 are vulnerable to command injection that could allow an unauthenticated attacker to read or manipulate device data. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, matching the critical severity score of 9.1. No KEV entry is indicated in the supplied data.

Official resources

CISA published advisory ICSA-25-114-06 on 2025-04-24 and later issued a revision on 2025-05-06 for typo fixes. The supplied data indicates no Known Exploited Vulnerabilities (KEV) listing. Vendor patches are available for the affected Planet