A critical zero-day vulnerability, CVE-2025-54322, has been discovered in Xspeeder network devices, posing a significant threat to global cybersecurity. The flaw, identified by autonomous AI agents, allows remote code execution without authentication, giving attackers the ability to execute arbitrary commands on affected devices. With a CVSS score of 10, this vulnerability is considered extremely dangerous. Despite attempts by cybersecurity researchers to contact Xspeeder for over six months, the company has not responded, leaving the vulnerability unpatched. This lack of response is alarming, given the widespread use of Xspeeder’s routers and SD-WAN devices, particularly in industrial and remote settings. Organizations using these devices are urged to isolate them from public internet access to mitigate potential exploitation. The emergence of AI in identifying such vulnerabilities marks a significant advancement in cybersecurity, highlighting both the potential and the risks associated with automated systems.
Are Xspeeder Devices Threatened by a New AI-Discovered Zero-Day Vulnerability?
