CVE-2025-8286
published 2025-07-31
Priority P268 · critical · 9.3 · CVSS 4.0
EXPLOIT
EPSS: 1.21% (64.4th percentile)
The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| g_ralp_systems | g_ralp_fmus_series | — | — |
| g_ralp_systems | min_series_devices | — | — |
| msrc | cm1_curl_7.68.0-3_on_cbl_mariner_1.0 | — | — |
Detection & IOCs (extracted from sources)
- Unauthenticated Telnet CLI is exposed on TCP port 4244; banner contains 'Welcome to ' and 'type "help" for a list of available commands'. Sending 'system info\n' returns 'Host Name: ' and 'Firmware Version: ' fields confirming a vulnerable Güralp FMUS/MIN device.
- FOFA fingerprint for internet-exposed devices: '"Welcome to " && "list of available commands" && port="4244"'
- No authentication challenge is presented on the Telnet interface; a bare newline ('\n') is sufficient to receive the banner, confirming missing authentication (CWE-306).
- Affects ALL firmware versions of both Güralp FMUS Series Seismic Monitoring Devices and Güralp MIN Series Digitizing Devices (vers:all/*). Experimental firmware v2.1-29897 introduces Telnet authentication for Minimus-based products (Fortimus, Certimus) but is not a stable release.
- No known public exploitation specifically targeting this vulnerability has been reported to CISA at time of advisory publication.
CVSS provenance
nvd · v4.0 · 9.3 CRITICAL · CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc · 7.5 HIGH
GHSA
GHSA-5qv2-823h-cg9j
ghsa_unreviewed · 2025-07-31
CVE-2025-8286 [CRITICAL] CWE-306
Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
CISA ICS
Güralp Systems FMUS Series and MIN Series Devices (Update B)
cisa_ics·2026-01-13·CVSS 9.3
[CRITICAL] ICS Advisory
## Güralp Systems FMUS Series and MIN Series Devices (Update B)
Last Revised: January 13, 2026
Alert Code: ICSA-25-212-01
## Summary
Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
The following versions of Güralp Systems FMUS Series and MIN Series Devices are affected:
- Güralp FMUS Series Seismic Monitoring Devices (CVE-2025-8286)
- Güralp MIN Series Digitizing Devices (CVE-2025-8286)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Güralp Systems | Güralp Systems FMUS Series and MIN Series Devices | Missing Authentication for Critical Function |
Microsoft
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
vendor_msrc·2020-12-08·CVSS 7.5
CVE-2020-8286 [HIGH] CWE-295
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
No detection rules found.
Nuclei
Güralp Systems FMUS Series - Unauthenticated Access
nuclei·CVSS 9.3
CVE-2025-8286 [CRITICAL]
Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.
Template:

```yaml
id: CVE-2025-8286

info:
  name: Güralp Systems FMUS Series - Unauthenticated Access
  severity: critical
  author: darses
  description: |
    Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based command line interface that allows attackers to modify hardware configurations, manipulate data, or factory reset the device.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
  refe
```
No writeups or analysis indexed.