Impact
An Improper Filtering of Special Elements vulnerability allows an attacker to supply specially crafted input that is not properly validated, resulting in unauthorized modification of certain information on the device. The flaw compromises data integrity by permitting changes to device configuration or other sensitive data, potentially altering device behavior. This weakness is categorized as CWE-790 (Improper Filtering of Special Elements). The CVE description does not state the attack vector; the inference here is that an attacker could exploit the flaw by transmitting special inputs to the device, for example through configuration files, network commands, or other interfaces.
Affected Systems
All Ericsson Indoor Connect 8855 devices running firmware revisions earlier than 2025.Q3 are affected, including hardware units that have not yet received the updated firmware. Devices in this scope should be identified and updated promptly.
Risk and Exploitability
The CVSS score of 7.2 indicates a moderate to high severity, and an EPSS score below 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to deliver special input to the device, a condition inferred from the description but not explicitly detailed. Given the severity and potential for unauthorized data modification, administrators should prioritize assessment and remediation.