CVE-2025-30184 – CVE-2025-30184 allows unauthenticated attackers... (How to Fix)

Q: What is the severity of CVE-2025-30184?

CVE-2025-30184 has a CVSS score of 9.8 (CRITICAL). CVE-2025-30184 allows unauthenticated attackers to bypass authentication and access the CyberData 011209 Intercom web interface through an alternate path. This affects all organizations using vulnerable versions of this intercom system. The vulnerability enables unauthorized access to device controls and configuration.

📋 TL;DR

CVE-2025-30184 allows unauthenticated attackers to bypass authentication and access the CyberData 011209 Intercom web interface through an alternate path. This affects all organizations using vulnerable versions of this intercom system. The vulnerability enables unauthorized access to device controls and configuration.

💻 Affected Systems

Products:

CyberData 011209 Intercom

Versions: All versions prior to patched version (specific version not specified in reference)

Operating Systems: Embedded/Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the intercom device. Physical access to device network segment may be required if not internet-facing.

📦 What is this software?

011209 Sip Emergency Intercom Firmware by Cyberdata

View all CVEs affecting 011209 Sip Emergency Intercom Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of intercom system allowing attackers to disable security functions, intercept communications, or use the device as an entry point to connected networks.

🟠

Likely Case

Unauthorized access to intercom controls allowing attackers to disable or manipulate the device, potentially disrupting building security and communications.

🟢

If Mitigated

Limited impact if device is isolated from critical networks and access controls are properly configured on surrounding infrastructure.

🌐 Internet-Facing: HIGH - Directly exposed devices can be attacked without authentication from anywhere on the internet.

🏢 Internal Only: MEDIUM - Internal attackers or those who breach perimeter defenses can exploit this without credentials.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Authentication bypass vulnerabilities typically require minimal technical skill to exploit once the alternate path is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01

Restart Required: Yes

Instructions:

1. Check CISA advisory for patch details. 2. Download firmware update from CyberData. 3. Backup current configuration. 4. Apply firmware update via web interface. 5. Verify authentication is required for all access paths.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate intercom device from internet and restrict access to management interface

Access Control Lists

linux

Implement firewall rules to restrict access to intercom web interface

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Segment device on isolated VLAN with strict firewall rules
Implement network monitoring for unauthorized access attempts to intercom interface

🔍 How to Verify

Check if Vulnerable:

Attempt to access web interface without authentication using known alternate paths (specific paths not disclosed)

Check Version:

Check firmware version in web interface under System > About or similar menu

Verify Fix Applied:

Verify authentication is required for all web interface access paths after patching

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access to web interface paths
Multiple failed login attempts followed by successful access without credentials

Network Indicators:

Unusual traffic patterns to intercom web interface from unauthorized sources
HTTP requests bypassing authentication endpoints

SIEM Query:

source="intercom_logs" AND (event="unauthorized_access" OR (event="login_failed" AND event="access_granted" within 5s))

📊 Metadata

CVE ID: CVE-2025-30184

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-288

EPSS Score: 0.17% exploit probability (38.6th percentile)

Published: June 9, 2025

Last Updated: August 12, 2025

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-30184, you might also want to check these: