Critical 0-Day Vulnerability Exposes 70,000 XSpeeder Devices as Vendor Fails to Address Alert – Hackread

A significant security vulnerability has emerged in XSpeeder networking equipment, potentially compromising up to 70,000 businesses. The flaw, identified by the research firm pwn.ai, was discovered through the firm’s proprietary AI tool of the same name, which aims to identify weaknesses before they can be exploited by malicious actors.

The vulnerability, cataloged as CVE-2025-54322, has received a critical threat score of 10.0, the highest rating possible. This flaw allows unauthorized users to obtain “root” access to devices without any password requirement. Such unauthorized access grants hackers control to monitor traffic, exfiltrate sensitive data, or even disable systems.

Methodology Behind the Discovery

XSpeeder, a Chinese manufacturer, specializes in edge devices like routers and SD-WAN appliances, with its SXZOS operating system widely used in industrial settings and remote offices. The pwn.ai research team deployed a swarm of AI agents to replicate the behavior of XSpeeder devices in order to conduct a thorough assessment for vulnerabilities. These AI agents leverage a unique architecture informed by extensive hacking knowledge to simulate device interactions and identify possible weak points.

The technical investigation revealed that the AI identified a specific file, vLogin.py, where it was able to inject malicious code via a parameter known as “chkid.” This method enabled the tool to manipulate the device into executing unauthorized commands. Researchers have classified this finding as the first example of an AI agent successfully identifying a remotely exploitable zero-day vulnerability.
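The article names the affected script (vLogin.py) and the injected parameter (chkid) but publishes no code. The following is an added example written for defenders, not code from the article, from pwn.ai or from XSpeeder: it scans web-access logs for requests to vLogin.py whose chkid value falls outside a narrow allowlist, which is how a network team could look for probing of this parameter while no patch exists. Everything beyond the two names is an assumption: the log format (Apache/nginx "combined"), the request path `/vLogin.py`, the allowlist pattern for a benign chkid value, and the sample log lines, which are constructed.

```python
"""Flag requests to vLogin.py whose chkid parameter looks abnormal.

Added example for defenders; not code from the article, pwn.ai or XSpeeder.
Assumptions (none of these come from the article):
  * access logs are in Apache/nginx "combined" format,
  * the script is served at a path ending in /vLogin.py,
  * a legitimate chkid is a short token of letters, digits, '_' or '-';
    anything else (shell metacharacters, control characters, over-long
    values) is worth a closer look.
"""
import re
from urllib.parse import parse_qs, urlsplit

# One "combined"-format request line: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed allowlist for a benign chkid value (not documented by the vendor).
CHKID_OK = re.compile(r'^[A-Za-z0-9_-]{1,32}$')

# Constructed sample log lines; not real XSpeeder output.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2025:10:01:02 +0000] "GET /vLogin.py?chkid=1234 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2025:10:01:09 +0000] "GET /vLogin.py?chkid=1%3Becho%20probe HTTP/1.1" 200 88 "-" "curl/8.0"
10.0.0.9 - - [12/Aug/2025:10:02:15 +0000] "GET /status.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.2 - - [12/Aug/2025:10:03:44 +0000] "POST /vLogin.py?chkid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1" 500 0 "-" "python-requests/2.31"
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def chkid_values(target):
    """Return the decoded chkid values of a request target, or None if the
    target is not the vLogin.py endpoint at all."""
    parts = urlsplit(target)
    if not parts.path.endswith('/vLogin.py'):
        return None
    return parse_qs(parts.query, keep_blank_values=True).get('chkid', [])


def find_suspicious_chkid(log_text):
    """Scan log text and return one record per chkid value that fails the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # blank or malformed line
        values = chkid_values(rec['target'])
        if not values:
            continue  # other endpoint, or vLogin.py without chkid
        for value in values:
            if CHKID_OK.match(value):
                continue
            hits.append({
                'ip': rec['ip'],
                'ts': rec['ts'],
                'status': rec['status'],
                'chkid': value,
                'reason': 'chkid outside assumed allowlist',
            })
    return hits


if __name__ == '__main__':
    for h in find_suspicious_chkid(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} status={h['status']} chkid={h['chkid']!r}: {h['reason']}")
```

An allowlist check is deliberately used instead of a blocklist of shell metacharacters: it catches encoded and unusual payload shapes (the over-long value in the last sample line as well as the semicolon in the second) without having to enumerate them, at the cost of needing the allowlist to be tuned to what legitimate chkid values actually look like on your devices. Any hit from an address outside your management network is a reason to check that device and, until a vendor fix exists, to keep its web interface unreachable from untrusted networks.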

Prolonged Silence from the Manufacturer

Despite significant advancements in AI detecting vulnerabilities, the process of responsible disclosure has proven challenging. The team at pwn.ai reported spending more than seven months attempting to notify XSpeeder of the vulnerability, yet no patches or advisories have materialized. Researchers stated, “Our outreach efforts have gone unanswered, making this a lingering zero-day vulnerability.”

Importantly, the exploit does not require advanced skills; as noted in the blog post, an attacker merely needs to know the target’s IP address to exploit this vulnerability. With tens of thousands of systems exposed, the implications for industrial and remote network environments are severe.

Additionally, pwn.ai has uncovered nearly twenty other significant vulnerabilities, indicating a rapid shift in how we identify and combat cybersecurity threats.

Vendor Response to Security Vulnerabilities

While some vendors respond promptly to reports of security vulnerabilities, others may disregard warnings, downplay risk, or even retaliate against researchers. A notable example includes Eurostar, a major European train service, which faced allegations of blackmail from Pen Test Partners after researchers highlighted critical flaws in its AI-driven chatbot.

Such incidents illustrate a broader issue regarding the treatment of security researchers, prompting countries like Portugal to reform cybercrime legislation aimed at protecting ethical hackers from prosecution for simply alerting companies to security flaws. This evolving landscape underscores the need for heightened accountability and collaboration in addressing cybersecurity threats.
