CVE-2025-61235CRITICAL 9.1EPSS p24.2%

CVE-2025-61235CVE-2025-61235

Description

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.33% probability of exploitation · percentile 24.2% · 2026-06-18T12:00:27Z
Published2025-10-28
Last modified2026-04-15

Underlying weaknesses· 1

CWE-20

References

  1. https://github.com/stuxve/poc-dataphone-crafted-packet

1

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-21025
CVE
CVE-2025-21427
CVE
CVE-2025-21484
CVE
CVE-2025-21487
CVE
CVE-2025-1041
CVE
CVE-2025-1532
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.