Which versions of Ericsson are affected by CVE-2025-40838?

CVE-2025-40838 is a low-severity vulnerability in Ericsson Indoor Connect 8855 (CVSS 2.0).

How to fix or mitigate CVE-2025-40838?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Ericsson CVE-2025-40838

Q: What is the CVSS score of CVE-2025-40838?

CVE-2025-40838 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

Insufficiently Protected Credentials (CWE-522)

2025-09-25 85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Authentication Bypass Ericsson

5.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

LOW MEDIUM

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.0 (LOW) 5.1 (MEDIUM)

Analysis Generated

Mar 28, 2026 - 19:14 vuln.today

CVE Published

Sep 25, 2025 - 15:16 nvd

LOW 2.0

DescriptionNVD

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.

AnalysisAI

Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information. Affected products include: Ericsson Indoor Connect 8855 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

CVE-2025-40838 vulnerability details – vuln.today

Back

Ericsson CVE-2025-40838

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

Ericsson CVE-2025-40838

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code