CVE-2025-30515

EUVD-2025-17590 | CRITICAL | CVSS 3.1: 9.8 | 2025-06-09

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

6 events:

Analysis Updated: Apr 16, 2026 - 05:55 (EUVD-patch-fix), executive_summary
Re-analysis Queued: Apr 16, 2026 - 05:29 (backfill_euvd_patch), patch_released
patch_available: Apr 16, 2026 - 05:29 (EUVD), 22.0.1
EUVD ID Assigned: Mar 14, 2026 - 19:21 (euvd), EUVD-2025-17590
Analysis Generated: Mar 14, 2026 - 19:21 (vuln.today)
CVE Published: Jun 09, 2025 - 23:15 (nvd), CRITICAL 9.8

Description (NVD)

CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

Analysis (AI)

CVE-2025-30515 is a critical arbitrary file upload vulnerability in CyberData 011209 Intercom systems that allows authenticated attackers to upload malicious files to multiple locations within the system without user interaction. With a CVSS score of 9.8 and a network-accessible attack surface requiring only valid authentication credentials, it poses severe risk to organizations deploying these intercom systems. The vulnerability enables complete system compromise through arbitrary file placement, potentially allowing remote code execution, system manipulation, and data theft.

Technical Context (AI)

CyberData 011209 Intercom systems are network-based communication devices commonly deployed in enterprise and commercial environments. The vulnerability exists in the file upload functionality (CWE-35: Path Traversal), which fails to properly validate or restrict the locations where authenticated users can upload files. CWE-35 represents improper resource validation in which user-controlled input that determines file destination paths is not sanitized, allowing attackers to traverse directory structures and write files to sensitive system locations outside the intended upload directories. The authentication requirement (PR:N in the CVSS vector indicates no privileges required for exploitation once authenticated) suggests the vulnerability exists in a post-authentication code path, likely in the web-based management interfaces or file management APIs commonly found in IP-based intercom systems.

Remediation (AI)

Immediate actions:

(1) Contact CyberData Corporation directly for patched firmware versions and security advisories for the 011209 Intercom system.
(2) Apply firmware updates as soon as available from CyberData support channels.
(3) Interim mitigations pending patches:
    - restrict network access to intercom management interfaces using firewall rules;
    - limit administrative account access using principle of least privilege;
    - disable remote file upload functionality if available through management interface settings;
    - implement strong authentication (MFA if supported) for all administrative accounts.
(4) Monitor CyberData security advisories at [vendor advisory portal] for patch release notifications.
(5) Implement network segmentation to isolate intercom systems on dedicated VLAN with restricted access.

Monitor access logs for suspicious file upload activities to multiple system directories. Vendor patch information should be obtained directly from CyberData Corporation as specific patch version numbers are not provided in available CVE data.
