EUVD-2025-208981 | CVE-2025-40841 | MEDIUM 5.1 (CVSS 4.0)
2026-03-25 ERIC

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Passive (P)
Scope: X

Lifecycle Timeline

EUVD ID Assigned: Mar 25, 2026 - 13:30 (euvd) EUVD-2025-208981
Analysis Generated: Mar 25, 2026 - 13:30 (vuln.today)
CVE Published: Mar 25, 2026 - 13:07 (nvd)

Description

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.

Analysis

A Cross-Site Request Forgery (CSRF) vulnerability exists in Ericsson Indoor Connect 8855 prior to version 2025.Q3 that allows attackers to perform unauthorized modification of certain information by tricking authenticated users into executing malicious requests. The vulnerability affects the Ericsson Indoor Connect 8855 product line and can be exploited to compromise the integrity of system data without the user being aware of it. No active exploitation in the wild (KEV status) and no public proof-of-concept has been confirmed at this time. The CVSS vector records a network attack vector (AV:N) with low attack complexity (AC:L), low privileges required (PR:L) and passive user interaction (UI:P), with a low impact on the integrity of the vulnerable system (VI:L) and none on confidentiality or availability.

Technical Context

The vulnerability is rooted in CWE-352 (Cross-Site Request Forgery), a fundamental web application security flaw where the affected application (Ericsson Indoor Connect 8855, identified via CPE cpe:2.3:a:ericsson:indoor_connect_8855:*:*:*:*:*:*:*:*) fails to implement proper anti-CSRF protections such as synchronizer tokens, same-site cookie attributes, or request origin validation. Indoor Connect 8855 is Ericsson's indoor connectivity and network management solution; the CSRF weakness means that state-changing operations (modifications to configuration, user data, or system settings) can be triggered through cross-origin requests without proper verification. This is particularly dangerous in enterprise network management contexts where Indoor Connect 8855 may be deployed as a centralized control point for indoor wireless infrastructure.

Affected Products

All versions of Ericsson Indoor Connect 8855 prior to 2025.Q3 are affected by this CSRF vulnerability. The affected product is identified through CPE cpe:2.3:a:ericsson:indoor_connect_8855:*:*:*:*:*:*:*:*, indicating that all configurations of the Indoor Connect 8855 product line before the 2025 Q3 release are vulnerable. Organizations running Indoor Connect 8855 for indoor wireless network management should verify their installed version and determine upgrade eligibility. Detailed vendor guidance is available through the Ericsson security bulletin referenced at https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026 and https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841.

Remediation

Upgrade Ericsson Indoor Connect 8855 to version 2025.Q3 or later as the primary remediation. Organizations unable to immediately upgrade should implement compensating controls including enforcement of authenticated session timeouts to limit the window for CSRF exploitation, deployment of a Web Application Firewall (WAF) configured to detect and block suspicious cross-origin state-changing requests, and implementation of SameSite cookie attributes at the reverse proxy level if Indoor Connect 8855 sits behind one. Additionally, restrict administrative access to Indoor Connect 8855 to trusted networks only using firewall rules, and educate users with administrative privileges to avoid clicking untrusted links while maintaining active sessions. Consult Ericsson's security bulletin at https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841 for vendor-specific mitigation guidance and upgrade timelines.
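The three anti-CSRF controls named under Technical Context (synchronizer token, SameSite cookie attribute, request origin validation), combined into one server-side check for state-changing requests and exercised against constructed requests. This is an added illustration, not Ericsson's code or the product's actual request handler; the management-UI origin, the cookie name and the form field name are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption (constructed): the origin on which the management UI is served.
TRUSTED_ORIGIN = "https://indoorconnect.example.internal"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_session_cookie(session_id: str) -> str:
    """Set-Cookie value whose attributes stop a browser attaching the session
    to cross-site requests (SameSite=Strict) or sending it over plain HTTP."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def issue_csrf_token() -> str:
    """Per-session synchronizer token: stored server side, embedded in forms."""
    return secrets.token_urlsafe(32)


def csrf_check(method: str, headers: dict, form: dict, session_token: str):
    """Return (allowed, reason). Safe methods pass; state-changing requests must
    both originate from the trusted origin and carry the session's token."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin, fall back to Referer; a browser sends at least one of them
    # on a same-origin form post, so absence is treated as a failure.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False, "no Origin/Referer on state-changing request"
    parts = urlsplit(source)
    origin = f"{parts.scheme}://{parts.netloc}"
    if origin != TRUSTED_ORIGIN:
        return False, f"cross-origin request from {origin}"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so token checking does not leak via timing.
    if not supplied or not hmac.compare_digest(supplied, session_token):
        return False, "missing or mismatched synchronizer token"
    return True, "origin and token verified"
```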

Priority Score

26 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0


EUVD-2025-208981 vulnerability details – vuln.today
