Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for indoor_connect_8855_firmware by ericsson

    CVE-2025-40842 (GCVE-0-2025-40842)

    Vulnerability from nvd – Published: 2026-03-25 13:10 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:02.789000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:10.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:15:53.253Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40842",
        "datePublished": "2026-03-25T13:10:44.010Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:10.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40841 (GCVE-0-2025-40841)

    Vulnerability from nvd – Published: 2026-03-25 13:07 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:36.014812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:45.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:17:23.852Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Cross-Site Request Forgery  Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40841",
        "datePublished": "2026-03-25T13:07:53.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:45.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27260 (GCVE-0-2025-27260)

    Vulnerability from nvd – Published: 2026-03-25 12:54 – Updated: 2026-03-25 13:50
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:50:26.371520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:50:33.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u0026nbsp;vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
                }
              ],
              "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-790",
                  "description": "CWE-790",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:18:23.060Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27260",
        "datePublished": "2026-03-25T12:54:46.406Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2026-03-25T13:50:33.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40838 (GCVE-0-2025-40838)

    Vulnerability from nvd – Published: 2025-09-25 14:54 – Updated: 2025-09-30 12:15
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:16.433331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:09.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:15:44.492Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40838",
        "datePublished": "2025-09-25T14:54:43.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:15:44.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40837 (GCVE-0-2025-40837)

    Vulnerability from nvd – Published: 2025-09-25 14:52 – Updated: 2025-09-30 12:15
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:22.046103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:15.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:15:13.648Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40837",
        "datePublished": "2025-09-25T14:52:23.376Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:15:13.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40836 (GCVE-0-2025-40836)

    Vulnerability from nvd – Published: 2025-09-25 14:49 – Updated: 2025-09-30 12:14
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:35.263809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:27.041Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:14:36.904Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40836",
        "datePublished": "2025-09-25T14:49:02.613Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:14:36.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27262 (GCVE-0-2025-27262)

    Vulnerability from nvd – Published: 2025-09-25 14:43 – Updated: 2025-09-30 12:13
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an OS Command Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:18:14.273331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:27:05.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:13:16.746Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 -  Improper Neutralization of Special Elements used in an OS Command Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27262",
        "datePublished": "2025-09-25T14:43:29.803Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-09-30T12:13:16.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27261 (GCVE-0-2025-27261)

    Vulnerability from nvd – Published: 2025-09-25 13:47 – Updated: 2025-09-30 12:12
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an SQL Command Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T14:30:26.479892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T14:30:40.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:12:39.842Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an SQL Command Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27261",
        "datePublished": "2025-09-25T13:47:06.233Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-09-30T12:12:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40842 (GCVE-0-2025-40842)

    Vulnerability from cvelistv5 – Published: 2026-03-25 13:10 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Scripting (XSS) vulnerability which, if exploited, can lead to unauthorized disclosure and modification of certain information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40842",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:02.789000Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:10.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Scripting (XSS) vulnerability which, if exploited, can lead to\nunauthorized disclosure and modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:15:53.253Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40842"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40842",
        "datePublished": "2026-03-25T13:10:44.010Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:10.955Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40841 (GCVE-0-2025-40841)

    Vulnerability from cvelistv5 – Published: 2026-03-25 13:07 – Updated: 2026-03-25 13:44
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Cross-Site Request Forgery Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:44:36.014812Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:44:45.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u0026nbsp;contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information.\u0026nbsp;"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 versions prior to 2025.Q3\u00a0contains a\nCross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead\nto unauthorized modification of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site request forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:17:23.852Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Cross-Site Request Forgery  Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40841",
        "datePublished": "2026-03-25T13:07:53.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2026-03-25T13:44:45.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27260 (GCVE-0-2025-27260)

    Vulnerability from cvelistv5 – Published: 2026-03-25 12:54 – Updated: 2026-03-25 13:50
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability
    Summary
    Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q3 (custom)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-25T13:50:26.371520Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-25T13:50:33.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q3",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u0026nbsp;vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
                }
              ],
              "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements\u00a0vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-790",
                  "description": "CWE-790",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-25T13:18:23.060Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026"
            },
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Filtering of Special Elements Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27260",
        "datePublished": "2026-03-25T12:54:46.406Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2026-03-25T13:50:33.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-40838 (GCVE-0-2025-40838)

    Vulnerability from cvelistv5 – Published: 2025-09-25 14:54 – Updated: 2025-09-30 12:15
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40838",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:16.433331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:09.737Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:15:44.492Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Insufficiently Protected Credentials Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40838",
        "datePublished": "2025-09-25T14:54:43.229Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:15:44.492Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40837 (GCVE-0-2025-40837)

    Vulnerability from cvelistv5 – Published: 2025-09-25 14:52 – Updated: 2025-09-30 12:15
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40837",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:22.046103Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:15.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:15:13.648Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40837",
        "datePublished": "2025-09-25T14:52:23.376Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:15:13.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-40836 (GCVE-0-2025-40836)

    Vulnerability from cvelistv5 – Published: 2025-09-25 14:49 – Updated: 2025-09-30 12:14
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-40836",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:44:35.263809Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:48:27.041Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:14:36.904Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Input Validation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-40836",
        "datePublished": "2025-09-25T14:49:02.613Z",
        "dateReserved": "2025-04-16T08:59:01.744Z",
        "dateUpdated": "2025-09-30T12:14:36.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27262 (GCVE-0-2025-27262)

    Vulnerability from cvelistv5 – Published: 2025-09-25 14:43 – Updated: 2025-09-30 12:13
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an OS Command Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T15:18:14.273331Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T15:27:05.382Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:13:16.746Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 -  Improper Neutralization of Special Elements used in an OS Command Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27262",
        "datePublished": "2025-09-25T14:43:29.803Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-09-30T12:13:16.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27261 (GCVE-0-2025-27261)

    Vulnerability from cvelistv5 – Published: 2025-09-25 13:47 – Updated: 2025-09-30 12:12
    VLAI
    Title
    Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an SQL Command Vulnerability
    Summary
    Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ericsson Indoor Connect 8855 Affected: 0 , < 2025.Q2 (Indoor Connect 8855)
    Create a notification for this product.
    Credits
    Telstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-25T14:30:26.479892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-25T14:30:40.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Indoor Connect 8855",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2025.Q2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "2025.Q2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Indoor Connect 8855"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Telstra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEricsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.\u003c/span\u003e"
                }
              ],
              "value": "Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-30T12:12:39.842Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Indoor Connect 8855 - Improper Neutralization of Special Elements used in an SQL Command Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2025-27261",
        "datePublished": "2025-09-25T13:47:06.233Z",
        "dateReserved": "2025-02-21T08:58:20.367Z",
        "dateUpdated": "2025-09-30T12:12:39.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }