Chinese network edge device vendor XSpeeder has ignored AI-powered security research firm pwn.ai's report of a maximum severity vulnerability, tracked as CVE-2025-54322, which threatens to compromise 70,000 organizations, according to HackRead.
Multiple AI agents used by pwn.ai's proprietary tool discovered that XSpeeder's vLogin.py file can be injected with malicious code that could facilitate command execution, said pwn.ai researchers, who described the issue as the first-ever exploitable zero-day discovered by AI.
"We chose it as our first disclosure because, unlike other vendors, we have been unable to get any response from XSpeeder despite more than seven months of outreach. As a result, at the time of publication, this unfortunately remains to be a zero-day vulnerability," researchers added.
XSpeeder's inaction on the critical flaw comes as Western European high-speed rail service operator Eurostar made blackmail accusations against Pen Test Partners researchers who discovered multiple security weaknesses impacting its AI chatbot.
AI-discovered maximum severity XSpeeder zero-day disregarded




