QwikSec

Security Database

CVE

CWE

Training

CVE-2025-14213

Published: Mar 31, 2026

Modified: Mar 31, 2026

PUBLISHED

Description

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary operating system commands as the root user on the Socket’s internal system.

Vendor	Product	Versions
Cato Networks	Socket	affected `24 and below`

Weaknesses (CWE)

References

https://support.catonetworks.com/hc/en-us/articles/33184937283357-CVE-2025-14213-Socket-WebUI-OS-Command-Injection

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.