CVE-2025-61880
Published: 12 February 2026
Description
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the insecure deserialization vulnerability by applying vendor patches for Infoblox NIOS versions through 9.0.7.
Information input validation prevents insecure deserialization by ensuring untrusted data is properly checked before processing, blocking malicious payloads leading to RCE.
Memory protection mechanisms like ASLR and DEP mitigate remote code execution exploitation arising from insecure deserialization.
Security SummaryAI
CVE-2025-61880 affects Infoblox NIOS through version 9.0.7 and stems from insecure deserialization, which can lead to remote code execution. Published on 2026-02-12, the vulnerability is classified under CWE-502 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, culminating in remote code execution on the affected system.
Infoblox has published details on this vulnerability, including CVE-2025-61879, in their security advisories available at https://infoblox.com and https://support.infoblox.com/s/article/CVE-2025-61879-and-CVE-2025-61880, where practitioners can find guidance on patches and mitigation steps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote code execution via insecure deserialization in Infoblox NIOS, a remote network service, directly mapping to Exploitation of Remote Services (T1210). Requires low-privilege authentication, fitting the technique's scope.