CVE-2025-40836

EPSS 0.15%
Veröffentlicht 25.09.2025 15:16:11
Zuletzt bearbeitet 02.10.2025 17:59:39
Quelle 85b1779b-6ecd-4f52-bcc5-73eac4
CVE-Watchlists
Login
Unerledigt
Login

Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ericsson ≫ Indoor Connect 8855 Firmware Version < 2025.q2

Ericsson ≫ Indoor Connect 8855 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
85b1779b-6ecd-4f52-bcc5-73eac4659dcf	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-40836

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40836

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40836

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-40836