CVE-2025-0681

Summary

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

Affected Software

VendorProductVersion RangeStatus
New Rock TechnologiesOM500 IP-PBXAllaffected
New Rock TechnologiesMX8G VoIP GatewayAllaffected
New Rock TechnologiesNRP1302/P Desktop IP PhoneAllaffected

Weaknesses

  • CWE-155: CWE-155

Workarounds

New Rock Technologies has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of New Rock Technologies Cloud Connected Devices are invited to contact New Rock Technologies customer support https://www.newrocktech.com/ContactUs/index.html for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References