CVE-2025-0674

Elber Communications Equipment Authentication Bypass Using an Alternate Path or Channel

Description

Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user's password within the system. This grants them unauthorized administrative access to protected areas of the application, compromising the device's system security.

Remediation

Workaround:

  • Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life. Users of affected versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL are invited to contact Elber customer support https://elber.it/en/elber-contacts.php for additional information.

Category

9.3
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.32%
Affected: Elber Signum DVB-S/S2 IRD
Affected: Elber Cleber/3 Broadcast Multi-Purpose Platform
Affected: Elber Reble610 M/ODU XPIC IP-ASI-SDH
Affected: Elber ESE DVB-S/S2 Satellite Receiver
Affected: Elber Wayber Analog/Digital Audio STL
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03

Frequently Asked Questions

What is the severity of CVE-2025-0674?
CVE-2025-0674 has been scored as a critical severity vulnerability.
How to fix CVE-2025-0674?
As a workaround for remediating CVE-2025-0674: Elber does not plan to mitigate these vulnerabilities because this equipment is either end of life or almost end of life. Users of affected versions of Elber Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL are invited to contact Elber customer support https://elber.it/en/elber-contacts.php for additional information.
Is CVE-2025-0674 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-0674 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-0674?
CVE-2025-0674 affects Elber Signum DVB-S/S2 IRD, Elber Cleber/3 Broadcast Multi-Purpose Platform, Elber Reble610 M/ODU XPIC IP-ASI-SDH, Elber ESE DVB-S/S2 Satellite Receiver, Elber Wayber Analog/Digital Audio STL.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.