CVE-2025-22937

9.8 CRITICAL

📋 TL;DR

This vulnerability in Adtran 411 ONT devices allows an attacker who already holds a lower-privileged user account to escalate to administrative access. It affects organizations using Adtran 411 ONT fiber networking equipment. The high CVSS score indicates critical severity requiring immediate attention.

💻 Affected Systems

Products:
  • Adtran 411 ONT
Versions: vL80.00.0011.M2
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Specific configuration details are unspecified in the CVE description, but the issue likely affects standard deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise allowing attackers to reconfigure network settings, intercept traffic, install persistent backdoors, or use the device as a pivot point into internal networks.

🟠 Likely Case

Attackers gain administrative control over the ONT device, enabling network disruption, service degradation, or credential harvesting from connected devices.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls, though local network compromise remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

References suggest that detailed exploitation information is available. The CVE description itself only mentions 'unspecified vectors', and since the exploit is not unauthenticated, an attacker needs some initial (lower-privileged) access to the device first.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: Yes

Instructions:

1. Monitor Adtran security advisories for patch availability.
2. Apply firmware updates when released.
3. Reboot devices after patching.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate Adtran 411 ONT devices in dedicated VLANs with strict firewall rules limiting management access.

Access Control Hardening (all)

Restrict management interface access to specific administrative IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected devices from critical systems
  • Monitor device logs for privilege escalation attempts and unusual administrative activity

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or via the CLI 'show version' command.

Check Version:

show version

Verify Fix Applied:

Verify that the installed firmware version is newer than vL80.00.0011.M2 (the fixed version is not yet published, so confirm against the vendor advisory once available).

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Multiple failed login attempts followed by successful administrative access
  • Configuration changes from non-admin accounts

Network Indicators:

  • Unusual management protocol traffic to ONT devices
  • Administrative access from unexpected source IPs

SIEM Query:

source="adtran-ont" AND (event_type="privilege_escalation" OR user_change="admin")
