CVE-2025-41378 MEDIUM

CVE-2025-41378: Injection vulnerability in Iridium Certus 700

Vendor Intellian Technologies
Product Iridium Certus 700
Weakness CWE-20 · Input validation
Published May 23, 2025
Last update May 27, 2025

CVSS base score

6.9/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.

Key dates

02Disclosure timeline

May 23, 2025 CVE published
May 27, 2025 Record updated