CVE-2025-5087
Published 2025-06-24
CVE-2025-5087: Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic…
Priority P4 · 29 · medium · 6 · CVSS 4.0
Vector: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.21% (11.6th percentile)
Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaleris | navis_n4 | < 4.0 | 4.0 |
GHSA
GHSA-wq9q-jvph-86fj: Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP
ghsa_unreviewed·2025-06-24
CVE-2025-5087 [MEDIUM] CWE-319 GHSA-wq9q-jvph-86fj: Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP
CISA ICS
Kaleris Navis N4 Terminal Operating System
cisa_ics·2025-06-24·CVSS 9.3
[CRITICAL] Kaleris Navis N4 Terminal Operating System
ICS Advisory
## Kaleris Navis N4 Terminal Operating System
Release Date: June 24, 2025
Alert Code: ICSA-25-175-01
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Kaleris
- Equipment: Navis N4
- Vulnerabilities: Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely exploit the operating system, achieve remote code execution, or extract sensitive information.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following versions of Kaleris Navis N4, a terminal operating sy