Cyber Posture

CVE-2025-27260

High

Published: 25 March 2026

Published
25 March 2026
Modified
27 March 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0003 10.0th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-27260 is a high-severity Improper Filtering of Special Elements (CWE-790) vulnerability in Ericsson Indoor Connect 8855 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation directly addresses this specific improper filtering vulnerability by applying vendor patches to prevent unauthorized information modification.

SI-10 Information Input Validation good match
prevent

Information input validation comprehensively mitigates improper filtering of special elements by enforcing checks at input interfaces to block exploitation leading to data modification.

SI-7 Software, Firmware, and Information Integrity good match
detect

Software, firmware, and information integrity verification detects unauthorized modifications resulting from exploitation of the filtering vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1565 Data Manipulation Impact
Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
attack.mitre.org →
Why these techniques?

Remote unauthenticated network exploit of public-facing app (T1190) directly enables unauthorized data modification (T1565).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information

Deeper analysisAI

CVE-2025-27260 is an Improper Filtering of Special Elements vulnerability (CWE-790) in Ericsson Indoor Connect 8855 versions prior to 2025.Q3. Published on 2026-03-25, it enables unauthorized modification of certain information if exploited. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), reflecting high severity driven by network accessibility, low attack complexity, no required privileges or user interaction, and high integrity impact without affecting confidentiality or availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction. Successful exploitation allows the attacker to modify certain information without authorization, potentially compromising the integrity of the affected Indoor Connect 8855 system.

Ericsson has issued advisories on the vulnerability, including details at https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260 and a security bulletin for Indoor Connect at https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026. Security practitioners should consult these resources for recommended mitigations and patching instructions.

Details

CWE(s)
CWE-790

Affected Products

ericsson
indoor connect 8855 firmware
≤ 2025.q3

CVEs Like This One

CVE-2025-40836Same product: Ericsson Indoor Connect 8855
CVE-2026-25660Same vendor: Ericsson
CVE-2024-53829Same vendor: Ericsson
CVE-2026-2328Shared CWE-790
CVE-2025-15576Shared CWE-790

References