CVE-2025-0681
Published 2025-01-30
Priority: P4 · 25 · medium · 6.2 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.18% (7.3th percentile)
The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| new_rock_technologies | mx8g_voip_gateway | — | — |
| new_rock_technologies | nrp1302_p_desktop_ip_phone | — | — |
| new_rock_technologies | om500_ip-pbx | — | — |
CVSS provenance
nvd · v3.1 · 6.2 · MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v4.0 · 6.9 · MEDIUM · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
New Rock Technologies Cloud Connected Devices
cisa_ics·2025-01-30·CVSS 9.3
[CRITICAL] New Rock Technologies Cloud Connected Devices
ICS Advisory
## New Rock Technologies Cloud Connected Devices
Release Date: January 30, 2025
Alert Code: ICSA-25-030-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: New Rock Technologies
- Equipment: Cloud Connected Devices
- Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Neutralization of Wildcards or Matching Symbols
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker full control of the device.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of New Rock Technologi
GHSA
ghsa_unreviewed·2025-01-30
CVE-2025-0681 [MEDIUM] CWE-155 GHSA-34cc-vppq-rvhp: The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information fro
The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-30
Published