CVE 9.1 CRITICAL

CVE-2025-61235_CVE-2025-61235

October 29, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Description

An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.

AI Analysis

Unauthenticated arbitrary packet processing vulnerability in Dataphone A920

Basic Information

ID CVE-2025-61235

Source mitre

Published Oct 28, 2025 at 00:00

Modified Oct 29, 2025 at 13:57

Affected Product

Vendor Dataphone

Product Dataphone A920

Version v2025.07.161103

Affected Versions n/a n/a n/a

CWE Classification

CWE-20

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Dataphone

Product Dataphone A920

Version v2025.07.161103

References

github.com /stuxve/poc-dataphone-crafted-packet

{
    "lastseen": "",
    "description": "An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.",
    "published": "2025-10-28T00:00:00.000Z",
    "modified": "2025-10-29T13:57:25.919Z",
    "type": "cve",
    "title": "CVE-2025-61235",
    "source": "mitre",
    "references": "https://github.com/stuxve/poc-dataphone-crafted-packet",
    "id": "CVE-2025-61235",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dataphone A920",
    "version": "v2025.07.161103",
    "vendor": "Dataphone",
    "ai_description": "Unauthenticated arbitrary packet processing vulnerability in Dataphone A920",
    "ai_severity": "Critical",
    "ai_vendor": "Dataphone",
    "ai_product": "Dataphone A920",
    "ai_version": "v2025.07.161103",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply