CVE-2025-61235 — CRITICAL (9.1)

Vulnerability Description

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Related Weaknesses (CWE)

CWE-20

References

https://github.com/stuxve/poc-dataphone-crafted-packet

FAQ

What is CVE-2025-61235?

CVE-2025-61235 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data sh...

How severe is CVE-2025-61235?

CVE-2025-61235 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-61235?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.