CVE-2025-14213
Cato's Socket WebUI is vulnerable to OS Command Injection
CVSS Score: 0.0
EPSS Score: 0.3%
EPSS Percentile: 57th
Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.
| Field | Value |
| --- | --- |
| CWE | CWE-78, CWE-20 |
| Vendor | cato networks |
| Product | socket |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Affected Versions
Cato Networks / Socket
24 and below