CVE-2025-27261

9.8 CRITICAL

📋 TL;DR

Ericsson Indoor Connect 8855 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands on the database. This can lead to unauthorized data disclosure, modification, or deletion. Organizations using this Ericsson networking equipment are affected.

💻 Affected Systems

Products:
  • Ericsson Indoor Connect 8855
Versions: All versions prior to the fix
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: This is a network equipment device, not a traditional software application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the database, including exfiltration of all sensitive data, modification of configuration settings, or denial of service by deleting critical data.

🟠 Likely Case

Unauthorized access to network configuration data, user information, or device logs stored in the database.

🟢 If Mitigated

Limited impact if network segmentation, database permissions, and input validation controls are properly implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity when unauthenticated access is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.ericsson.com/en/about-us/security/psirt/e2025-09-25

Restart Required: Yes

Instructions:

1. Review the Ericsson PSIRT advisory.
2. Download the patched firmware from Ericsson support.
3. Backup current configuration.
4. Apply firmware update following Ericsson documentation.
5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the Ericsson Indoor Connect 8855 from untrusted networks and limit access to authorized management interfaces only.

Input Validation

all

Implement web application firewall (WAF) rules to detect and block SQL injection patterns.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the management interface
  • Monitor database and application logs for suspicious SQL queries

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against the patched version listed in the Ericsson advisory

Check Version:

Check via device web interface or CLI (specific command varies by Ericsson device)

Verify Fix Applied:

Verify that the firmware version has been updated to the patched version, and test that SQL injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts followed by SQL-like strings in requests

Network Indicators:

  • HTTP requests containing SQL keywords (SELECT, UNION, INSERT, etc.) to the device management interface

SIEM Query:

source="ericsson_device" AND (http_request CONTAINS "SELECT" OR http_request CONTAINS "UNION" OR http_request CONTAINS "INSERT")
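
The log and network indicators above, as an added example (not Ericsson's code and not part of the advisory): a Python detector that percent-decodes each request URI, matches SQL keyword combinations case-insensitively, and raises severity when the same source has already failed several logins. The log layout, the paths, the 401 status for a failed login and the threshold are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample in an assumed "ip method uri status" layout.
# Paths and addresses are made up; they are not real device endpoints or logs.
SAMPLE_LOG = """\
10.0.0.5 POST /login 401
10.0.0.5 POST /login 401
10.0.0.5 POST /login 401
10.0.0.5 GET /status?id=1%20UnIoN%20SeLeCt%20null 200
10.0.0.9 GET /help?topic=select-a-profile 200
10.0.0.7 GET /report?name=x%2527%2520union%2520select%25201 200
10.0.0.8 GET /status?id=7 200
"""

# Keyword combinations rather than single words, so "select-a-profile" is not flagged.
SQL_PATTERN = re.compile(
    r"\bunion\b.{0,40}\bselect\b|\bselect\b.{0,80}\bfrom\b|\binsert\s+into\b",
    re.IGNORECASE)

def normalize(uri, rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen in clear."""
    for _ in range(rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def scan(log_text, fail_threshold=3):
    """Return (ip, severity, decoded_uri) for each request with SQL-like content."""
    failures = defaultdict(int)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, uri, status = parts
        if uri.startswith("/login") and status == "401":
            failures[ip] += 1
        decoded = normalize(uri)
        if SQL_PATTERN.search(decoded):
            severity = "high" if failures[ip] >= fail_threshold else "medium"
            alerts.append((ip, severity, decoded))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```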
