{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27262", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2025-02-21T08:58:20.367Z", "datePublished": "2025-09-25T14:43:29.803Z", "dateUpdated": "2025-09-25T15:27:05.382Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Indoor Connect 8855", "vendor": "Ericsson", "versions": [{"changes": [{"at": "2025.Q2", "status": "unaffected"}], "lessThan": "2025.Q2", "status": "affected", "version": "0", "versionType": "Indoor Connect 8855"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Telstra"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Ericsson\nIndoor Connect 8855 contains a command injection vulnerability which if\nexploited can lead to loss of integrity and confidentiality, as well as\nunauthorized disclosure and modification of user and configuration data. It\nmay also be possible to execute commands with escalated privileges, impact\nservice availability, as well as modify system files and configuration\ndata.</p>"}], "value": "Ericsson\nIndoor Connect 8855 contains a command injection vulnerability which if\nexploited can lead to loss of integrity and confidentiality, as well as\nunauthorized disclosure and modification of user and configuration data. It\nmay also be possible to execute commands with escalated privileges, impact\nservice availability, as well as modify system files and configuration\ndata."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2025-09-25T14:43:29.803Z"}, "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"}], "source": {"discovery": "UNKNOWN"}, "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an OS Command Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-25T15:18:14.273331Z", "id": "CVE-2025-27262", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-25T15:27:05.382Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-25T15:18:14.273331Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-25T15:27:02.551Z"}}], "cna": {"title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an OS Command Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Telstra"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ericsson", "product": "Indoor Connect 8855", "versions": [{"status": "affected", "changes": [{"at": "2025.Q2", "status": "unaffected"}], "version": "0", "lessThan": "2025.Q2", "versionType": "Indoor Connect 8855"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 contains a command injection vulnerability which if\nexploited can lead to loss of integrity and confidentiality, as well as\nunauthorized disclosure and modification of user and configuration data. It\nmay also be possible to execute commands with escalated privileges, impact\nservice availability, as well as modify system files and configuration\ndata.", "supportingMedia": [{"type": "text/html", "value": "<p>Ericsson\nIndoor Connect 8855 contains a command injection vulnerability which if\nexploited can lead to loss of integrity and confidentiality, as well as\nunauthorized disclosure and modification of user and configuration data. It\nmay also be possible to execute commands with escalated privileges, impact\nservice availability, as well as modify system files and configuration\ndata.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2025-09-25T14:43:29.803Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27262", "state": "PUBLISHED", "dateUpdated": "2025-09-25T15:27:05.382Z", "dateReserved": "2025-02-21T08:58:20.367Z", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "datePublished": "2025-09-25T14:43:29.803Z", "assignerShortName": "ERIC"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 contains a command injection vulnerability which if\nexploited can lead to loss of integrity and confidentiality, as well as\nunauthorized disclosure and modification of user and configuration data. It\nmay also be possible to execute commands with escalated privileges, impact\nservice availability, as well as modify system files and configuration\ndata."}], "id": "CVE-2025-27262", "lastModified": "2025-09-26T14:32:53.583", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}, "published": "2025-09-25T15:16:10.737", "references": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"}], "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}

{}

{"created": "2025-09-26T11:35:46.041157+00:00", "updated": "2025-09-26T11:35:46.041211+00:00", "vendors": ["ericsson", "ericsson$PRODUCT$indoor_connect_8855"]}