cbcvebase.
CVE-2025-30184
published 2025-06-09

CVE-2025-30184: CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.47%
37.0th percentile
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

Affected

2 ranges
VendorProductVersion rangeFixed in
cyberdata011209_sip_emergency_intercom< 22.0.122.0.1
cyberdata011209_sip_emergency_intercom_firmware< 22.0.122.0.1

Detection & IOCsextracted from sources · hover to see the quote

  • Authentication bypass via alternate path or channel (CWE-288) allows unauthenticated access to the Web Interface of CyberData 011209 SIP Emergency Intercom; monitor for unauthenticated HTTP requests reaching protected web interface endpoints on affected devices running firmware prior to 22.0.1.
  • Missing authentication for critical function (CWE-306) exposes features that can be abused by unauthenticated remote attackers to cause denial-of-service or system disruption; monitor for unexpected unauthenticated requests to critical function endpoints.
  • Blind SQL injection (CWE-89) by unauthenticated users can be used to exfiltrate sensitive information; monitor for SQL injection patterns in HTTP request parameters to the intercom web interface.
  • Insufficiently protected credentials (CWE-522): web server admin credentials are not properly stored or protected; monitor for unauthorized credential access or exposure via the web interface.
  • Path traversal via '.../...//' sequences (CWE-35) allows authenticated attackers to upload arbitrary files to arbitrary locations; monitor for HTTP file upload requests containing traversal sequences such as '.../...//' in file paths.
  • ·All five vulnerabilities (CVE-2025-30184, CVE-2025-26468, CVE-2025-30507, CVE-2025-30183, CVE-2025-30515) affect CyberData 011209 SIP Emergency Intercom firmware versions prior to 22.0.1 only; devices running v22.0.1 or later are not affected.
  • ·No known public exploitation specifically targeting these vulnerabilities has been reported at time of advisory publication; threat landscape may change.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.