Cyber Posture

CVE-2025-61880

HighRCE

Published: 12 February 2026

Published
12 February 2026
Modified
19 February 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0045 63.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-61880 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Infoblox Nios. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 36.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation directly addresses the insecure deserialization vulnerability by applying vendor patches for Infoblox NIOS versions through 9.0.7.

SI-10 Information Input Validation good match
prevent

Information input validation prevents insecure deserialization by ensuring untrusted data is properly checked before processing, blocking malicious payloads leading to RCE.

SI-16 Memory Protection partial match
prevent

Memory protection mechanisms like ASLR and DEP mitigate remote code execution exploitation arising from insecure deserialization.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
Why these techniques?

The vulnerability enables remote code execution via insecure deserialization in Infoblox NIOS, a remote network service, directly mapping to Exploitation of Remote Services (T1210). Requires low-privilege authentication, fitting the technique's scope.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.

Deeper analysisAI

CVE-2025-61880 affects Infoblox NIOS through version 9.0.7 and stems from insecure deserialization, which can lead to remote code execution. Published on 2026-02-12, the vulnerability is classified under CWE-502 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, culminating in remote code execution on the affected system.

Infoblox has published details on this vulnerability, including CVE-2025-61879, in their security advisories available at https://infoblox.com and https://support.infoblox.com/s/article/CVE-2025-61879-and-CVE-2025-61880, where practitioners can find guidance on patches and mitigation steps.

Details

CWE(s)
CWE-502

Affected Products

infoblox
nios
8.5.2, 9.0.1, 9.0.2, 9.0.3, 9.0.4 · 8.6.0 — 8.6.5

CVEs Like This One

CVE-2025-61879Same product: Infoblox Nios
CVE-2024-36046Same product: Infoblox Nios
CVE-2024-37567Same product: Infoblox Nios
CVE-2024-37566Same product: Infoblox Nios
CVE-2024-36047Same product: Infoblox Nios
CVE-2025-29783Shared CWE-502
CVE-2024-57764Shared CWE-502
CVE-2025-26866Shared CWE-502
CVE-2026-35337Shared CWE-502
CVE-2025-27816Shared CWE-502

References