CVE-2025-30507

5.3 MEDIUM

📋 TL;DR

CVE-2025-30507 is a blind SQL injection vulnerability in CyberData 011209 Intercom devices that allows unauthenticated attackers to extract sensitive information from the database. This affects organizations using these intercom systems for physical security or communication. The vulnerability enables data exfiltration without requiring valid credentials.

💻 Affected Systems

Products:
  • CyberData 011209 Intercom
Versions: All versions prior to patch
Operating Systems: Embedded/Linux-based
Default Config Vulnerable: ⚠️ Yes
Notes: This is a hardware device with embedded software; default configuration is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of sensitive data including user credentials, configuration details, and potentially access to other systems through credential reuse or lateral movement.

🟠 Likely Case

Extraction of sensitive configuration data, user information, or system details that could facilitate further attacks or reconnaissance.

🟢 If Mitigated

Limited data exposure if proper network segmentation and input validation controls are in place, though some information leakage may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Blind SQL injection typically requires automated tools for efficient exploitation but is well-understood by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01

Restart Required: Yes

Instructions:

1. Check the CISA advisory for patch availability.
2. Download the firmware update from CyberData.
3. Apply the update following the vendor's instructions.
4. Restart the device.
5. Verify that the patch was applied.

🔧 Temporary Workarounds

Network Segmentation


Isolate intercom devices from untrusted networks and limit access to authorized systems only.

Web Application Firewall


Deploy WAF with SQL injection protection rules to block malicious requests.

🧯 If You Can't Patch

  • Implement strict network access controls to limit device exposure
  • Monitor for SQL injection attempts in network traffic and device logs

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against patched version in vendor advisory

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify that the firmware version matches the patched version in the vendor advisory, and confirm that SQL injection test requests against the web interface are now rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries
  • SQL syntax in HTTP requests
  • Multiple failed authentication attempts

Network Indicators:

  • SQL keywords in HTTP requests to intercom device
  • Unusual outbound database connections

SIEM Query:

source="intercom" AND (http_request:*SELECT* OR http_request:*UNION* OR http_request:*WHERE*)
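The SIEM query above matches raw SQL keywords in the request field, which misses URL-encoded or double-encoded payloads and flags harmless paths that happen to contain a word like "where". The following Python script is an added example, not part of this advisory or of any CyberData product: it parses a few constructed access-log lines (documentation-range IPs, invented paths), fully URL-decodes each request target, and then applies word-boundary patterns for the classic blind-injection shapes (UNION SELECT, time-delay functions, quote-plus-tautology, trailing comment). The log format, field names and sample lines are all assumptions for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample access-log lines in a combined-log-style format, standing
# in for what an intercom's embedded web server might record. IPs come from
# documentation ranges; the paths and payloads are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024
10.0.0.5 - - [01/Jun/2025:10:00:02 +0000] "GET /help/where-to-find-firmware.html HTTP/1.1" 200 2048
203.0.113.7 - - [01/Jun/2025:10:01:10 +0000] "GET /login?user=admin%27%20UNION%20SELECT%201%2C2%2C3-- HTTP/1.1" 200 512
203.0.113.7 - - [01/Jun/2025:10:01:15 +0000] "GET /status?id=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 512
198.51.100.22 - - [01/Jun/2025:10:02:30 +0000] "GET /status?id=1%2527%2520OR%25201%253D1-- HTTP/1.1" 200 512
"""

# One log line: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Named patterns for common injection shapes. Word boundaries keep an ordinary
# path such as /help/where-to-find-firmware.html from matching.
RULES = [
    ("union_select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("select_from", re.compile(r"\bselect\b[^;]*\bfrom\b", re.I)),
    ("time_based", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("tautology", re.compile(r"['\"]\s*(or|and)\s+\S+\s*=\s*\S+", re.I)),
    ("comment_trailer", re.compile(r"(--|#|/\*)\s*$")),
]


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%2527 -> %27 -> ') are seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(text):
    """Return one finding per request whose decoded target trips any rule."""
    findings = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # unparsable line: skip rather than crash the scan
        target = decode_fully(match.group("target"))
        hits = [name for name, pattern in RULES if pattern.search(target)]
        if hits:
            findings.append({
                "ip": match.group("ip"),
                "ts": match.group("ts"),
                "target": target,
                "rules": hits,
            })
    return findings


def summarize(findings):
    """Count flagged requests per source IP, useful for a quick triage view."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ts']} {f['ip']} {f['target']!r} -> {', '.join(f['rules'])}")
    print("per-source:", dict(summarize(results)))
```

Running it flags the three injected requests and nothing else; the second line, which the advisory's `*WHERE*` clause would have matched, is correctly left alone because "where" appears inside a path segment rather than as an SQL clause. Decoding before matching is the part that matters most: the last sample line only reveals its `' OR 1=1` after two rounds of decoding.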

🔗 References
