Unauthenticated SQL-injection in password field_CVE-2025-59814

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.

Basic Information

ID CVE-2025-59814

Source NCSC-NL

Published Sep 25, 2025 at 19:29

Affected Product

Vendor Zenitel

Product ICX500

Version <1.4.3.3

Affected Versions Zenitel ICX500 <1.4.3.3
Zenitel ICX510 <1.4.3.3

CWE Classification

CWE-89

References

{
    "lastseen": "",
    "description": "This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the Billing Admin database.",
    "published": "2025-09-25T19:29:34.809Z",
    "modified": "2025-09-25T19:29:34.809Z",
    "type": "cve",
    "title": "Unauthenticated SQL-injection in password field",
    "source": "NCSC-NL",
    "references": "https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes\nhttps://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System",
    "id": "CVE-2025-59814",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Zenitel ICX500 <1.4.3.3\nZenitel ICX510 <1.4.3.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ICX500",
    "version": "<1.4.3.3",
    "vendor": "Zenitel",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}