CVE-2025-3659

216.73.217.22

· Published 12/05/2025 21:15 · Modified 12/05/2025 21:15

Labels: CVE-2025-3659 2025-05-12 CVE-2025-3659 CWE-287 e8a6bb0b-e373-42b1-a5de-93e314325576

Essential information

Published: 12/05/2025 21:15
Modified: 12/05/2025 21:15
Author: —
Creator: —
CVSS: 9.4 CRITICAL (v3) 9.4 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP IA/Digi One IA - prior to and including 82000774_Z, build date 10/19/2020 * Digi One IAP – prior to and including 82000770 Z, build date 10/19/2020 A specially crafted POST request to the device’s web interface may allow an unauthenticated attacker to modify configuration settings.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: e8a6bb0b-e373-42b1-a5de-93e314325576
NVD: View on NVD

Affected products (CPE)

Product	CPE
digi / digi portserver ts	`cpe:2.3:a:digi:digi_portserver_ts::82000747_AA::::::*`
digi / digi one sp	`cpe:2.3:a:digi:digi_one_sp::82000774_Z::::::*`
digi / digi one ia	`cpe:2.3:a:digi:digi_one_ia::82000774_Z::::::*`
digi / digi one iap	`cpe:2.3:a:digi:digi_one_iap::82000770_Z::::::*`