CVE-2025-5087 MEDIUM

CVE-2025-5087: Cleartext Transmission of Sensitive Information in Kaleris Navis N4

Vendor Kaleris
Product Navis N4
Weakness CWE-319 · Cleartext transmission
Published June 24, 2025
Last update June 24, 2025

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.

Key dates

02Disclosure timeline

June 24, 2025 CVE published
June 24, 2025 Record updated