CVE 9.3 CRITICAL

Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy_CVE-2025-13510

December 2, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

AI Analysis

Unauthenticated access to critical device settings due to missing authentication in the web management interface

Basic Information

ID CVE-2025-13510

Source icscert

Published Dec 2, 2025 at 19:28

Modified Dec 2, 2025 at 19:36

Affected Product

Vendor Iskra

Product iHUB and iHUB Lite

Version All versions

Affected Versions Iskra iHUB and iHUB Lite All versions

CWE Classification

CWE-306

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Iskra

Product iHUB and iHUB Lite

Version All versions

References

www.cisa.gov /news-events/ics-advisories/icsa-25-336-02

{
    "lastseen": "",
    "description": "The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.",
    "published": "2025-12-02T19:28:23.063Z",
    "modified": "2025-12-02T19:36:03.889Z",
    "type": "cve",
    "title": "Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-02",
    "id": "CVE-2025-13510",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Iskra iHUB and iHUB Lite All versions",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iHUB and iHUB Lite",
    "version": "All versions",
    "vendor": "Iskra",
    "ai_description": "Unauthenticated access to critical device settings due to missing authentication in the web management interface",
    "ai_severity": "Critical",
    "ai_vendor": "Iskra",
    "ai_product": "iHUB and iHUB Lite",
    "ai_version": "All versions",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply