CVE-2025-59814 · HIGH 8.8 · EPSS p16.3%

Description

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% probability of exploitation · percentile 16.3% · 2026-06-18T12:00:27Z
Published: 2025-09-25
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-89

References

  1. https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System
  2. https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-59815
  2. CVE: CVE-2025-28231
  3. CVE: CVE-2025-55141
  4. CVE: Sangoma FreePBX Authentication Bypass Vulnerability
  5. CVE: CVE-2025-55142
  6. CVE: CVE-2025-32814

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.