CVE-2025-61235

2025-10-28 0:0CVE-2025-61235mitre

PUBLISHED5.1

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.

Affected products

n/a - AFFECTED

References

github.com

https://github.com/stuxve/poc-dataphone-crafted-packet

GitHub Security Advisories

GHSA-62gf-9726-4v22

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public...

https://github.com/advisories/GHSA-62gf-9726-4v22

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-61235

github.com

https://github.com/stuxve/poc-dataphone-crafted-packet

github.com

https://github.com/advisories/GHSA-62gf-9726-4v22

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-61235

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "CVE-2025-61235",
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "dateUpdated": "2025-10-29T13:57:25.919Z",
    "dateReserved": "2025-09-26T00:00:00.000Z",
    "datePublished": "2025-10-28T00:00:00.000Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre",
        "dateUpdated": "2025-10-28T20:01:58.980Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead."
        }
      ],
      "affected": [
        {
          "vendor": "n/a",
          "product": "n/a",
          "versions": [
            {
              "version": "n/a",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "n/a",
              "type": "text"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/stuxve/poc-dataphone-crafted-packet"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2025-10-29T13:57:25.919Z"
        },
        "title": "CISA ADP Vulnrichment",
        "problemTypes": [
          {
            "descriptions": [
              {
                "lang": "en",
                "description": "CWE-20 Improper Input Validation",
                "cweId": "CWE-20",
                "type": "CWE"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "version": "3.1",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "attackVector": "NETWORK",
              "attackComplexity": "LOW",
              "privilegesRequired": "NONE",
              "userInteraction": "NONE",
              "scope": "UNCHANGED",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL"
            }
          },
          {}
        ]
      }
    ]
  }
}