CVE-2025-30507
published 2025-06-09CVE-2025-30507: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.32%
23.4th percentile
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberdata | 011209_sip_emergency_intercom | < 22.0.1 | 22.0.1 |
| cyberdata | 011209_sip_emergency_intercom_firmware | < 22.0.1 | 22.0.1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-98mq-29fh-72m6: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections
ghsa_unreviewed·2025-06-10
CVE-2025-30507 [MEDIUM] CWE-89 GHSA-98mq-29fh-72m6: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CISA ICS
CyberData 011209 SIP Emergency Intercom
cisa_ics·2025-06-05·CVSS 7.5
[HIGH] CyberData 011209 SIP Emergency Intercom
ICS Advisory
##
CyberData 011209 SIP Emergency Intercom
Release DateJune 05, 2025
Alert CodeICSA-25-155-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CyberData
- Equipment: 011209 SIP Emergency Intercom
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//'
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution.
## 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-09
Published