Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Pro 4PM by Shelly
CVE-2025-11243 (GCVE-0-2025-11243)
Vulnerability from nvd – Published: 2025-11-19 06:50 – Updated: 2025-11-21 17:13
VLAI?
Title
Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:38:12.634658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:38:22.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pro 4PM",
"vendor": "Shelly",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shelly:pro_4pm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Quagliarella at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.\u003cbr\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:13:21.290Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243"
},
{
"tags": [
"media-coverage",
"technical-description"
],
"url": "https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities"
},
{
"tags": [
"government-resource",
"technical-description"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6\u003cbr\u003e"
}
],
"value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-11243",
"datePublished": "2025-11-19T06:50:08.973Z",
"dateReserved": "2025-10-02T14:06:12.008Z",
"dateUpdated": "2025-11-21T17:13:21.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11243 (GCVE-0-2025-11243)
Vulnerability from cvelistv5 – Published: 2025-11-19 06:50 – Updated: 2025-11-21 17:13
VLAI?
Title
Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM
Summary
Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.
Severity ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T18:38:12.634658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T18:38:22.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pro 4PM",
"vendor": "Shelly",
"versions": [
{
"lessThan": "1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:shelly:pro_4pm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gabriele Quagliarella at Nozomi Networks"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network.\u003cbr\u003e"
}
],
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Shelly Pro 4PM (before v1.6) allows Excessive Allocation via network."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:13:21.290Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11243"
},
{
"tags": [
"media-coverage",
"technical-description"
],
"url": "https://www.nozominetworks.com/blog/shelly-pro-4pm-vulnerabilities"
},
{
"tags": [
"government-resource",
"technical-description"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-322-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6\u003cbr\u003e"
}
],
"value": "To fix this issue, it\u0027s suggested to update the Pro 4PM to v1.6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Allocation of Resources Without Limits or Throttling in Shelly Pro 4PM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2025-11243",
"datePublished": "2025-11-19T06:50:08.973Z",
"dateReserved": "2025-10-02T14:06:12.008Z",
"dateUpdated": "2025-11-21T17:13:21.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}