CVE-2025-30515
published 2025-06-09CVE-2025-30515: CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.51%
39.5th percentile
CyberData 011209 Intercom
could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberdata | 011209_sip_emergency_intercom | < 22.0.1 | 22.0.1 |
| cyberdata | 011209_sip_emergency_intercom_firmware | < 22.0.1 | 22.0.1 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m3fg-4m85-w9f7: CyberData 011209 Intercom
could allow an authenticated attacker to upload arbitrary files to multiple locations within the system
ghsa_unreviewed·2025-06-10
CVE-2025-30515 [CRITICAL] CWE-35 GHSA-m3fg-4m85-w9f7: CyberData 011209 Intercom
could allow an authenticated attacker to upload arbitrary files to multiple locations within the system
CyberData 011209 Intercom
could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CISA ICS
CyberData 011209 SIP Emergency Intercom
cisa_ics·2025-06-05·CVSS 7.5
[HIGH] CyberData 011209 SIP Emergency Intercom
ICS Advisory
##
CyberData 011209 SIP Emergency Intercom
Release DateJune 05, 2025
Alert CodeICSA-25-155-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: CyberData
- Equipment: 011209 SIP Emergency Intercom
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Missing Authentication for Critical Function, SQL Injection, Insufficiently Protected Credentials, Path Traversal: '.../...//'
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution.
## 3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-06-09
Published