Cyber Resilience

CVE-2025-61880

HighRCE

Published: 12 February 2026

Published
12 February 2026
Modified
19 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0057 42.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-61880 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Infoblox Nios. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 42.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-61880 affects Infoblox NIOS through version 9.0.7 and stems from insecure deserialization, which can lead to remote code execution. Published on 2026-02-12, the vulnerability is classified under CWE-502 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, culminating in remote code execution on the affected system.

Infoblox has published details on this vulnerability, including CVE-2025-61879, in their security advisories available at https://infoblox.com and https://support.infoblox.com/s/article/CVE-2025-61879-and-CVE-2025-61880, where practitioners can find guidance on patches and mitigation steps.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability enables remote code execution via insecure deserialization in Infoblox NIOS, a remote network service, directly mapping to Exploitation of Remote Services (T1210). Requires low-privilege authentication, fitting the technique's scope.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-36047Same product: Infoblox Nios
CVE-2025-61879Same product: Infoblox Nios
CVE-2024-37566Same product: Infoblox Nios
CVE-2024-36046Same product: Infoblox Nios
CVE-2024-37567Same product: Infoblox Nios
CVE-2024-57764Shared CWE-502
CVE-2026-35337Shared CWE-502
CVE-2025-26866Shared CWE-502
CVE-2025-27816Shared CWE-502
CVE-2026-25769Shared CWE-502

Affected Assets

infoblox
nios
8.5.2, 9.0.1, 9.0.2, 9.0.3, 9.0.4 · 8.6.0 — 8.6.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the insecure deserialization vulnerability by applying vendor patches for Infoblox NIOS versions through 9.0.7.

prevent

Information input validation prevents insecure deserialization by ensuring untrusted data is properly checked before processing, blocking malicious payloads leading to RCE.

prevent

Memory protection mechanisms like ASLR and DEP mitigate remote code execution exploitation arising from insecure deserialization.

References