CVE-2025-2566

Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-01

Configurations

No configuration.

History

No history.

Information

Published : 2025-06-24 19:15

Updated : 2025-06-26 18:58

NVD link : CVE-2025-2566

Mitre link : CVE-2025-2566

CVE.ORG link : CVE-2025-2566

JSON object : View

Products Affected

No product.

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-2566", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-24T19:15:23.520", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-175-01", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server."}, {"lang": "es", "value": "Kaleris NAVIS N4 ULC (Cliente Ultraligero) contiene una vulnerabilidad de deserializaci\u00f3n de Java insegura. Un atacante no autenticado puede realizar solicitudes especialmente manipuladas para ejecutar c\u00f3digo arbitrario en el servidor."}], "lastModified": "2025-06-26T18:58:14.280", "sourceIdentifier": "ics-cert@hq.dhs.gov"}

CVE-2025-2566

JSON object

Attach tags to CVE-2025-2566

Attach tags to `CVE-2025-2566`