PatchSiren cyber security CVE debrief

CVE-2025-0675 Elber CVE debrief

CVE-2025-0675 is a high-severity issue affecting multiple Elber products. CISA says the flaw allows unauthenticated device configuration and client-side hidden functionality disclosure, and the advisory indicates the affected equipment is end of life or nearly end of life with no vendor mitigation planned.

Vendor: Elber
Product: Signum DVB-S/S2 IRD
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-04
Original CVE updated: 2025-02-04
Advisory published: 2025-02-04
Advisory updated: 2025-02-04

Who should care

OT and broadcast operators using affected Elber equipment, along with network administrators, system integrators, and asset owners responsible for exposed or remotely reachable devices.

Technical summary

The CISA advisory identifies five affected Elber products: Signum DVB-S/S2 IRD, Cleber/3 Broadcast Multi-Purpose Platform, Reble610 M/ODU XPIC IP-ASI-SDH, ESE DVB-S/S2 Satellite Receiver, and Wayber Analog/Digital Audio STL. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) shows a network-reachable issue with no privileges or user interaction required and a confidentiality impact. The source describes two impacts: unauthenticated device configuration and disclosure of hidden functionality on the client side. CISA also states Elber does not plan to mitigate because the products are end of life or nearly end of life, and affected users are directed to contact Elber support for more information.

Defensive priority

High. The issue is remotely reachable, requires no authentication, and affects multiple product families with no vendor fix planned in the advisory, so affected deployments should be prioritized for inventorying, isolation, and replacement planning.

Recommended defensive actions

  • Inventory all Elber devices matching the affected product names and versions listed in the advisory.
  • Restrict network exposure of affected devices, especially management interfaces, using segmentation and access controls.
  • If the devices are still in use, contact Elber support using the vendor remediation link for replacement or migration guidance.
  • Treat the advisory as a replacement-and-containment issue because the vendor states no mitigation is planned for end-of-life or near-end-of-life equipment.
  • Review OT monitoring and remote-access paths for any configuration changes or unexpected exposure of hidden functionality.
  • Track the official CISA advisory and CVE record for any later updates or revisions.

Evidence notes

The supplied CISA CSAF advisory (ICSA-25-035-03) published on 2025-02-04 is the primary source. It lists the five affected Elber products and states that the vendor does not plan to mitigate because the equipment is end of life or almost end of life. The supplied CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, supporting a network-reachable confidentiality-impacting issue. The source corpus does not include exploit details or KEV inclusion.

Official resources

Publicly disclosed by CISA on 2025-02-04 through advisory ICSA-25-035-03; no KEV listing is provided in the supplied corpus.