PatchSiren cyber security CVE debrief
CVE-2025-4041 Optigo Networks CVE debrief
CVE-2025-4041 is a Critical issue in Optigo Networks ONS NC600 devices running versions 4.2.1-084 through 4.7.2-330. CISA’s advisory says an attacker who can connect to the device’s SSH server can use system components to perform OS command execution. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a network-reachable condition with no privileges or user interaction required and potential for full impact across confidentiality, integrity, and availability.
- Vendor: Optigo Networks
- Product: ONS NC600
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-05-06
- Original CVE updated: 2025-05-06
- Advisory published: 2025-05-06
- Advisory updated: 2025-05-06
Who should care
OT and industrial network operators using Optigo Networks ONS NC600, especially teams managing BMS/OT remote access, SSH exposure, network segmentation, and VPN-based administration.
Technical summary
The advisory identifies a command-execution weakness exposed through the device’s SSH server. Affected versions are 4.2.1-084 through 4.7.2-330. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, the issue is treated as remotely reachable, low-complexity, unauthenticated, and capable of severe system impact if an attacker can reach the service. The source corpus does not provide exploit details, proof-of-concept material, or a fixed remediation version.
Defensive priority
Urgent. Prioritize exposure review and access restriction immediately, especially if the device is reachable from non-trusted networks or is used in critical OT operations.
Recommended defensive actions
- Identify whether any Optigo Networks ONS NC600 devices are running versions 4.2.1-084 through 4.7.2-330.
- Restrict access to the device management plane so SSH is reachable only from approved administrative networks.
- Use a dedicated NIC on the BMS computer and exclusively use that computer for connecting to OneView to manage the OT network configuration, as recommended by the vendor.
- Set up a router firewall with a whitelist for devices permitted to access OneView.
- Connect to OneView via a secure VPN.
- Follow CISA industrial control system recommended practices for segmentation, controlled remote access, and least-privilege administration.
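For the first action above, a firmware inventory can be triaged against the stated range with a short script. This is an added example, not vendor or CISA code; the inventory layout, device names, and the assumption that version strings order numerically as major.minor.patch-build are hypothetical. Versions outside the range are reported as such rather than as fixed, since no fixed version is given here.

```python
import re

# Affected range as stated in the advisory text (inclusive on both ends).
AFFECTED_MIN = "4.2.1-084"
AFFECTED_MAX = "4.7.2-330"

# Assumed format: major.minor.patch-build, compared numerically field by field.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch, build) or None if the string is malformed."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'outside-range', or 'unknown' for one firmware string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs manual review; never assume it is safe
    lo, hi = parse_version(AFFECTED_MIN), parse_version(AFFECTED_MAX)
    return "affected" if lo <= v <= hi else "outside-range"


def triage(inventory):
    """Group device names by status; input rows are (name, model, version)."""
    result = {"affected": [], "outside-range": [], "unknown": []}
    for name, model, version in inventory:
        if model.strip().upper() != "ONS NC600":
            continue  # the advisory covers only this product
        result[classify(version)].append(name)
    return result


# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    ("bms-core-01", "ONS NC600", "4.2.1-084"),    # lower bound, inclusive
    ("bms-core-02", "ONS NC600", "4.7.2-330"),    # upper bound, inclusive
    ("bms-edge-03", "ONS NC600", "4.2.1-083"),    # one build below the range
    ("bms-edge-04", "ONS NC600", "4.7.2-331"),    # one build above the range
    ("bms-edge-05", "ONS NC600", "4.5.0-12"),     # unpadded build number
    ("bms-edge-06", "ONS NC600", "unknown"),      # version not recorded
    ("plant-sw-07", "Other Switch", "4.3.0-100"), # different product, skipped
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Devices reported as unknown should be checked by hand and handled as affected until a version is confirmed.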
Evidence notes
Source corpus ties CVE-2025-4041 to CISA advisory ICSA-25-126-01 and states: 'In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330, an attacker could connect with the device's ssh server and utilize the system's components to perform OS command executions.' The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and the advisory publication date is 2025-05-06. No KEV listing is supplied in the corpus.
Official resources
- CVE-2025-4041 CVE record (CVE.org)
- CVE-2025-4041 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed by CISA in advisory ICSA-25-126-01 on 2025-05-06, matching the CVE published and modified date in the supplied timeline.