CVE-2025-55423 — A command injection vulnerability exists in the upnp_relay() function in multiple ipTIME router models because the controlURL value used to pass port-forwarding information to an upper router is passe — CVE Database · The Intelligence Room