CVE-2025-22937

CriticalPublic PoC

Published: 31 March 2025

Published

31 March 2025

Modified

18 August 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0034 56.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22937 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Adtran 411 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 43.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires organizations to identify, report, and correct system flaws like this privilege escalation vulnerability through timely firmware patching.

AC-6 Least Privilege good match

prevent

Enforces the principle of least privilege, directly countering the improper privilege management (CWE-269) that enables remote privilege escalation.

AC-3 Access Enforcement good match

prevent

Mandates enforcement of approved access authorizations, preventing attackers from escalating privileges via unauthorized access to system resources.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated privilege escalation vulnerability on a network-accessible device directly maps to T1068 (Exploitation for Privilege Escalation) for gaining admin control and T1190 (Exploit Public-Facing Application) for remote exploitation of the device's management interface.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.

Deeper analysisAI

CVE-2025-22937 is a privilege escalation vulnerability affecting the Adtran 411 ONT running firmware version vL80.00.0011.M2. The issue, linked to CWE-269 (Improper Privilege Management), allows attackers to elevate privileges through unspecified vectors. It carries a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility, low attack complexity, no required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

Remote attackers with network access to the affected ONT can exploit this vulnerability without authentication. Successful exploitation enables privilege escalation, potentially granting full administrative control over the device and leading to complete compromise, including data access, modification, or disruption of optical network terminal functions.

Advisories and further details on mitigation, including potential patches, are available in referenced sources such as https://drive.google.com/file/d/1levaZk5aC6g6a2zPW8xlOIVAu9MFYvAz/view and https://lanrat.com/posts/adtran-isp-hacking/. Security practitioners should consult these for vendor-specific remediation guidance. The CVE was published on 2025-03-31.