CVE-2025-0675

Summary

Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.

Affected Software

VendorProductVersion RangeStatus
ElberSignum DVB-S/S2 IRD0 <= 1.999affected
ElberCleber/3 Broadcast Multi-Purpose Platform1.0affected
ElberReble610 M/ODU XPIC IP-ASI-SDH0.01affected
ElberESE DVB-S/S2 Satellite Receiver0 <= 1.5.179affected
ElberWayber Analog/Digital Audio STL4affected

Weaknesses

  • CWE-912: CWE-912

Workarounds

Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life. Users of affected versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL are invited to contact Elber customer support https://elber.it/en/elber-contacts.php for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References