PatchSiren cyber security CVE debrief
CVE-2025-30507 CyberData CVE debrief
CVE-2025-30507 is a medium-severity information-disclosure issue in CyberData’s 011209 SIP Emergency Intercom. According to the CISA CSAF advisory, an unauthenticated attacker can use blind SQL injection to gather sensitive information from affected devices running versions earlier than 22.0.1. The vendor’s remediation is to update to v22.0.1.
- Vendor: CyberData
- Product: 011209 SIP Emergency Intercom
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-05
- Original CVE updated: 2025-06-05
- Advisory published: 2025-06-05
- Advisory updated: 2025-06-05
Who should care
Organizations operating CyberData 011209 SIP Emergency Intercom devices, especially if they are reachable from untrusted networks or used in facilities where emergency communications are important. Security teams, OT/ICS administrators, and asset owners should prioritize exposed or broadly accessible deployments.
Technical summary
The advisory identifies an unauthenticated blind SQL injection condition in CyberData 011209 SIP Emergency Intercom versions <22.0.1. The CVSS v3.1 vector provided by the source is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network-reachable, low-complexity exploitation with no authentication or user interaction required and a confidentiality impact limited to sensitive information disclosure.
Defensive priority
Medium. Treat as higher priority for any deployment exposed to untrusted networks because the issue is unauthenticated and network-reachable, even though the reported impact is limited to confidentiality.
Recommended defensive actions
- Update CyberData 011209 SIP Emergency Intercom to version 22.0.1 or later as recommended by the vendor.
- Identify all deployed instances of the affected product and confirm whether any are running versions earlier than 22.0.1.
- Restrict network access to the device interface using allowlists, VLAN segmentation, or other access controls where appropriate.
- Review exposure paths for any internet-facing or broadly reachable deployments and remove unnecessary access.
- Monitor device and gateway logs for unusual requests or unexpected database-related errors where logging is available.
- Validate that emergency intercom management interfaces are not reachable from untrusted networks unless required.
- Track CISA and vendor advisories for any follow-on guidance or additional affected versions.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-155-01 for CVE-2025-30507, published and modified on 2025-06-05. The advisory states that CyberData 011209 SIP Emergency Intercom versions before 22.0.1 may allow an unauthenticated user to gather sensitive information through blind SQL injections, and it recommends updating to v22.0.1.
Official resources
- CVE-2025-30507 CVE record (CVE.org)
- CVE-2025-30507 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA on 2025-06-05 in advisory ICSA-25-155-01, with the CVE and advisory record both carrying the same publish date in the supplied timeline.