{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-27260", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "state": "PUBLISHED", "assignerShortName": "ERIC", "dateReserved": "2025-02-21T08:58:20.367Z", "datePublished": "2026-03-25T12:54:46.406Z", "dateUpdated": "2026-03-25T13:50:33.976Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2026-03-25T13:18:23.060Z"}, "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-790", "description": "CWE-790", "type": "CWE"}]}], "affected": [{"vendor": "Ericsson", "product": "Indoor Connect 8855", "versions": [{"status": "affected", "version": "0", "lessThan": "2025.Q3", "changes": [{"at": "2025.Q3", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"}]}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"}, {"url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "credits": [{"lang": "en", "value": "Telstra", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T13:50:26.371520Z", "id": "CVE-2025-27260", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:50:33.976Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27260", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T13:50:26.371520Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T13:50:30.293Z"}}], "cna": {"title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Telstra"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.2, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ericsson", "product": "Indoor Connect 8855", "versions": [{"status": "affected", "changes": [{"at": "2025.Q3", "status": "unaffected"}], "version": "0", "lessThan": "2025.Q3", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"}, {"url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information", "supportingMedia": [{"type": "text/html", "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-790", "description": "CWE-790"}]}], "providerMetadata": {"orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "shortName": "ERIC", "dateUpdated": "2026-03-25T13:18:23.060Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27260", "state": "PUBLISHED", "dateUpdated": "2026-03-25T13:50:33.976Z", "dateReserved": "2025-02-21T08:58:20.367Z", "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "datePublished": "2026-03-25T12:54:46.406Z", "assignerShortName": "ERIC"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ericsson:indoor_connect_8855_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37C4F98B-D38A-47A6-B294-23A5E6291A81", "versionEndExcluding": "2025.q3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ericsson:indoor_connect_8855:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B0C1261-B15A-4D91-AC65-9834D16A94F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"}, {"lang": "es", "value": "Ericsson\nLas versiones de Indoor Connect 8855 anteriores a 2025.Q3 contienen una vulnerabilidad de Filtrado Inadecuado de Elementos Especiales que, si se explota, puede conducir a la modificaci\u00f3n no autorizada de cierta informaci\u00f3n."}], "id": "CVE-2025-27260", "lastModified": "2026-03-27T18:33:18.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}, "published": "2026-03-25T14:16:30.100", "references": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "tags": ["Vendor Advisory"], "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"}, {"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "tags": ["Vendor Advisory"], "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"}], "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-790"}], "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.Q3)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[2025.Q3,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Indoor Connect 8855", "source": "cna", "vendor": "Ericsson"}, "product": "indoor_connect_8855", "vendor": "ericsson"}], "analysis": {"en": {"generated_at": "2026-03-27T20:30:04.420572+00:00", "value": {"mitigation_remediation": ["Apply the Ericsson Indoor Connect 8855 firmware update to version 2025.Q3 or later on all affected devices.", "Verify the firmware revision through the device management interface to confirm the update was applied correctly.", "If an immediate update cannot be performed, isolate the device from external networks or restrict its access until the patch is applied.", "After applying the patch, monitor device logs for any unexpected configuration changes to validate system integrity."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized modification of certain information"}, "threat_synthesis": {"affected_systems": "All Ericsson Indoor Connect 8855 devices running firmware revisions earlier than 2025.Q3 are affected. The vulnerability applies to all firmware versions prior to the 2025.Q3 release, encompassing hardware units that have not yet received the updated firmware. Devices in this scope should be identified and updated promptly.", "description_and_impact": "An Improper Filtering of Special Elements vulnerability allows an attacker to supply specially crafted input that is not properly validated, resulting in unauthorized modification of certain information on the device. The flaw compromises data integrity by permitting changes to device configuration or other sensitive data, potentially altering device behavior. This weakness is categorized as CWE-790, which relates to improper evaluation of user-supplied data. The specific attack vector is not stated in the CVE description; it is inferred that an attacker could exploit the flaw by transmitting special inputs\u2014such as through configuration files, network commands, or other interfaces\u2014to the device.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a moderate to high severity, and an EPSS score below 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker to deliver special input to the device, a condition inferred from the description but not explicitly detailed. Given the severity and potential for unauthorized data modification, administrators should prioritize assessment and remediation."}}}}, "created": "2026-03-25T21:31:18.172646+00:00", "updated": "2026-03-29T20:28:29.083905+00:00", "vendors": ["ericsson", "ericsson$PRODUCT$indoor_connect_8855"]}