Skip to main content

Ericsson CVE-2025-40838

MEDIUM
Insufficiently Protected Credentials (CWE-522)
2025-09-25 85b1779b-6ecd-4f52-bcc5-73eac4659dcf
5.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
Apr 29, 2026 - 01:11 NVD
LOW MEDIUM
CVSS changed
Apr 29, 2026 - 01:11 NVD
2.0 (LOW) 5.1 (MEDIUM)
Analysis Generated
Mar 28, 2026 - 19:14 vuln.today
CVE Published
Sep 25, 2025 - 15:16 nvd
LOW 2.0

DescriptionCVE.org

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.

AnalysisAI

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Affected products include: Ericsson Indoor Connect 8855 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

CVE-2015-2166 MEDIUM POC
5.0 Apr 06

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5

CVE-2018-9245 CRITICAL POC
9.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that a

CVE-2018-10285 CRITICAL POC
9.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Rated critical severity (CVSS

CVE-2021-43339 HIGH POC
8.8 Nov 03

In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file

CVE-2018-10286 HIGH POC
8.8 Apr 22

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and th

CVE-2021-41390 HIGH POC
8.0 Sep 17

In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is v

CVE-2018-15138 HIGH POC
7.5 Aug 15

Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. Rated high severity (CVSS

CVE-2019-7417 MEDIUM POC
6.1 Mar 21

XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as

CVE-2015-2167 MEDIUM POC
5.8 Apr 06

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 all

CVE-2021-41391 MEDIUM POC
5.4 Sep 17

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vul

CVE-2020-29145 MEDIUM POC
5.4 Nov 27

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS v

CVE-2020-29144 MEDIUM POC
5.4 Nov 27

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via

Share

CVE-2025-40838 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy