CVE-2025-2566 CRITICAL

CVE-2025-2566: Deserialization of Untrusted Data in Kaleris Navis N4

Vendor Kaleris

Product Navis N4

Weakness CWE-502 · Unsafe deserialization

Published June 24, 2025

Last update June 24, 2025

View on NVD All CVEs

CVSS base score

9.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.

Key dates

02Disclosure timeline

June 24, 2025 CVE published

June 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-2566

Related vulnerabilities

CVE-2025-2566: Deserialization of Untrusted Data in Kaleris Navis N4

01Description

02Disclosure timeline

03References

04Related CVE