Proximus b-box CVE-2025-45422
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Authenticated user (PR:L) over the network (AV:N) modifies NAT rules - high integrity impact, only incidental confidentiality exposure via forwarded services (C:L), no availability loss.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules.
AnalysisAI
Improper access control in the Proximus b-box v8c.725A ISP gateway lets an already-authenticated low-privilege user override authorization checks and freely add, alter, or delete port forwarding (NAT) rules. Publicly available exploit code exists (GitHub PoC by Cedrico03), though it is not listed in CISA KEV and carries a low EPSS score (0.22%, 12th percentile), indicating no evidence of widespread active exploitation. The flaw effectively grants any logged-in account router-administrator control over inbound traffic routing.
Technical ContextAI
The b-box is a residential/SOHO internet gateway distributed by the Belgian ISP Proximus, combining routing, NAT, and firewall functions. The weakness is classed as CWE-284 (Improper Access Control): the web management interface performs an action (editing port forwarding / NAT rules) without properly verifying that the requesting session holds sufficient privilege, so authorization is enforced inconsistently or not at all for that function. Port forwarding rules govern which external requests are mapped to internal LAN hosts, so control over them is control over the perimeter of the home/office network. No exact CPE dictionary entry was provided in the source data beyond the free-text product string 'Proximus b-box v8c.725A'.
Affected ProductsAI
The affected product is the Proximus b-box internet gateway, specifically firmware/model version v8c.725A, as reported to MITRE (cve@mitre.org). Vendor references point to http://proximus.com and http://b-box.com; no versioned CPE URI or tagged advisory page was supplied in the intelligence data, so the affected-version boundary (whether versions before or after v8c.725A are impacted) is not independently confirmed. Proof-of-concept material is published at https://github.com/Cedrico03/CVE-2025-45422---Bbox.
RemediationAI
No vendor-released patch or fixed firmware version was identified at time of analysis, so remediation currently relies on compensating controls. Ensure the b-box remote/web management interface is not reachable from the WAN/internet - restrict administration to the LAN side only - which blocks the AV:N reach that makes this exploitable remotely. Change all default and low-privilege account credentials and remove or disable any unnecessary secondary/guest accounts, since the attack requires an authenticated (PR:L) session; this reduces the pool of accounts that could abuse the flaw. Periodically audit the active port forwarding / NAT rule set and remove unexpected entries, accepting that this is detective rather than preventive. Monitor http://proximus.com and http://b-box.com for a firmware update and apply it once released. Trade-off: locking management to LAN-only may inconvenience legitimate remote administration workflows.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today