CVE-2025-0674

Summary

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.

Affected Software

VendorProductVersion RangeStatus
ElberSignum DVB-S/S2 IRD0 <= 1.999affected
ElberCleber/3 Broadcast Multi-Purpose Platform1.0affected
ElberReble610 M/ODU XPIC IP-ASI-SDH0.01affected
ElberESE DVB-S/S2 Satellite Receiver0 <= 1.5.179affected
ElberWayber Analog/Digital Audio STL4affected

Weaknesses

  • CWE-288: CWE-288

Workarounds

Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life. Users of affected versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL are invited to contact Elber customer support https://elber.it/en/elber-contacts.php for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References