CVE-2025-0675
Published: 07 February 2025
Summary
CVE-2025-0675 is a high-severity Hidden Functionality (CWE-912) vulnerability in Cisa (inferred from references). Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082); ranked at the 26.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AU-13 (Monitoring for Information Disclosure).
Deeper analysis
CVE-2025-0675 is an information disclosure vulnerability affecting multiple Elber products, enabling unauthenticated access to device configuration data and client-side hidden functionality. Published on 2025-02-07, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is linked to CWE-912 (Hidden Functionality).
Remote attackers require only network access and face low complexity barriers, with no privileges, authentication, or user interaction needed. Successful exploitation allows disclosure of sensitive configuration details and hidden features, resulting in high confidentiality impact without affecting integrity or availability.
The CISA ICS Advisory ICSA-25-035-03 provides details on mitigation strategies and affected products; practitioners should consult https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03 for patches and remediation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1811
Vulnerability details
Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated disclosure of device configuration data and hidden functionality enables system information discovery (T1082) and access to configuration repositories (T1602).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly identifies, reports, and corrects the specific flaw in Elber products enabling unauthenticated disclosure of device configuration data.
Limits and authorizes only necessary actions without identification or authentication, preventing unauthenticated access to sensitive configuration and hidden functionality.
Monitors systems for unauthorized attempts to access sensitive configuration data, enabling detection of exploitation of this information disclosure vulnerability.