CVE-2025-0681 MEDIUM

CVE-2025-0681: New Rock Technologies Cloud Connected Devices Improper Neutralization of Wildcards or Matching Symbols

Vendor New Rock Technologies
Product OM500 IP-PBX
Weakness CWE-155
Published January 30, 2025
Last update January 30, 2025

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

Key dates

02Disclosure timeline

January 30, 2025 CVE published
January 30, 2025 Record updated