A critical security flaw has been discovered in SkyBridge BASIC MB-A130, a networking device developed by Seiko Solutions Inc. The vulnerability, tracked as CVE-2025-54857, carries the highest possible severity rating with a CVSS score of 9.8, and it could allow remote, unauthenticated attackers to execute arbitrary OS commands with root privileges.
The vulnerability exists in SkyBridge BASIC MB-A130 firmware versions 1.5.8 and earlier. According to the advisory, the flaw stems from insufficient input validation, which allows attackers to inject malicious OS commands. Because the exploit requires no authentication, it poses a significant risk for any exposed device.
If successfully exploited, attackers could gain complete control over the device's operating system. With root-level access, a malicious actor could:
- Install persistent backdoors
- Alter device configurations
- Intercept or manipulate traffic
- Launch attacks against other connected systems
The affected products include:
- SkyBridge BASIC MB-A130: Version 1.5.8 and earlier
Seiko Solutions has released patched firmware to address the issue. The fixed version is SkyBridge BASIC MB-A130 Ver. 1.6.0.
Administrators are strongly urged to apply the update immediately. Additionally, any devices exposed to untrusted networks should be monitored for signs of compromise.
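To turn the version boundaries above into a patch-priority list, the following added example (not code from the advisory or from Seiko Solutions) triages an inventory of MB-A130 units by firmware string. The CSV column names and hosts are constructed assumptions; a version that cannot be parsed, or that falls between 1.5.8 and 1.6.0, is reported as unknown for manual verification.

```python
import csv
import io
import re

# Version boundaries taken from the advisory text above.
LAST_VULNERABLE = (1, 5, 8)
FIXED = (1, 6, 0)
MODEL = "MB-A130"

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,model,firmware,untrusted_network
gw-01.example.internal,MB-A130,Ver. 1.5.8,yes
gw-02.example.internal,MB-A130,1.6.0,no
gw-03.example.internal,MB-A130,v1.4,yes
gw-04.example.internal,MB-A130,unknown,no
gw-05.example.internal,OTHER-100,1.0.0,yes
"""

def parse_version(text):
    """Return a 3-tuple of ints, or None if no dotted version is present."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(firmware):
    version = parse_version(firmware)
    if version is None:
        return "unknown"      # no usable version string: verify by hand
    if version <= LAST_VULNERABLE:
        return "vulnerable"
    if version >= FIXED:
        return "fixed"
    return "unknown"          # between 1.5.8 and 1.6.0: not covered by the advisory

def triage(inventory_csv):
    """Return (host, status, exposed) for MB-A130 units, most urgent first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        if rec["model"].strip() != MODEL:
            continue
        status = classify(rec["firmware"])
        exposed = rec["untrusted_network"].strip().lower() == "yes"
        rows.append((rec["host"], status, exposed))
    order = {"vulnerable": 0, "unknown": 1, "fixed": 2}
    rows.sort(key=lambda r: (order[r[1]], not r[2], r[0]))
    return rows
```

Calling `triage(SAMPLE_INVENTORY)` lists vulnerable units on untrusted networks first, which are also the ones to review for signs of compromise after updating.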