Cyber Posture

CVE-2025-0675

High

Published: 07 February 2025

Published
07 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0010 26.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

Security Summary

CVE-2025-0675 is an information disclosure vulnerability affecting multiple Elber products, enabling unauthenticated access to device configuration data and client-side hidden functionality. Published on 2025-02-07, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is linked to CWE-912 (Hidden Functionality).

Remote attackers require only network access and face low complexity barriers, with no privileges, authentication, or user interaction needed. Successful exploitation allows disclosure of sensitive configuration details and hidden features, resulting in high confidentiality impact without affecting integrity or availability.

The CISA ICS Advisory ICSA-25-035-03 provides details on mitigation strategies and affected products; practitioners should consult https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03 for patches and remediation guidance.

Details

CWE(s)
CWE-912

References