CVE-2025-41379: Injection vulnerability in Iridium Certus 700
Description
The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults.
Classification
CVE ID: CVE-2025-41379
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
Problem Types
CWE-20 Improper Input ValidationAffected Products
Vendor: Intellian Technologies
Product: Iridium Certus 700
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 27.63% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41379https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-intellian-technologies-iridium-certus