This page is the official source for security advisories affecting Zenitel’s products; advisories reference CVE identifiers where assigned. This page and all linked advisories are publicly available at no cost, require no account or login, and are free to reuse.
Disclosure policy: https://www.zenitel.com/security/vulnerability-disclosure
Advisories list
| Advisory | Title | CVE ID(s) | Published | Severity |
| A100K12333 | VS-IS OS Command Injection | CVE-2025-64126 | 19.12.2025 | Critical (10.0) |
| A100K12333 | VS-IS OS Command Injection | CVE-2025-64127 | 19.12.2025 | Critical (10.0) |
| A100K12333 | VS-IS OS Command Injection | CVE-2025-64128 | 19.12.2025 | Critical (10.0) |
| A100K12333 | VS-IS Out-of-bounds Write | CVE-2025-64129 | 19.12.2025 | High (7.0) |
| A100K12333 | VS-IS Cross-site Scripting | CVE-2025-64130 | 19.12.2025 | Critical (9.3) |
| A100K12333 | VS-IS Authenticated Remote Code Execution | CVE-2025-59817 | 19.12.2025 | High (8.4) |
| A100K12333 | VS-IS Authenticated Remote Code Execution | CVE-2025-59818 | 19.12.2025 | Critical (10.0) |
| A100K12333 | ICX-AlphaCom Unauthenticated SQL-injection | CVE-2025-59814 | 19.12.2025 | High (8.8) |
| A100K12333 | ICX-AlphaCom Authenticated Remote Code Execution | CVE-2025-59815 | 19.12.2025 | High (8.4) |
| A100K12333 | ICX-AlphaCom Authenticated Union based SQL-injection | CVE-2025-59816 | 19.12.2025 | High (7.3) |
| A100K12333 | AlphaCom XE Authenticated Arbitrary File Read | CVE-2025-59819 | 19.12.2025 | Medium (6.5) |
| A100K12333 | VS-IS Authenticated Remote Code Execution | CVE-2025-64090 | 19.12.2025 | Critical (10.0) |
| A100K12333 | VS-IS Authenticated Remote Code Execution | CVE-2025-64091 | 19.12.2025 | High (8.6) |
| A100K12333 | ICX-AlphaCom/AlphaCom XE Unauthenticated SQL injection | CVE-2025-64092 | 19.12.2025 | High (7.5) |
| A100K12333 | ICX-AlphaCom/AlphaCom XE Unauthenticated Remote Code Execution | CVE-2025-64093 | 19.12.2025 | Critical (10.0) |