PatchSiren cyber security CVE debrief
CVE-2025-24861 Outback Power CVE debrief
CVE-2025-24861 covers a command injection issue in the Outback Power Mojave Inverter. CISA’s advisory says an attacker may inject commands via specially crafted POST requests, and the supplied remediation recommends disabling the product’s networking features until a replacement can be acquired. The advisory was published on 2025-02-13 and the supplied metadata does not list the issue in CISA’s Known Exploited Vulnerabilities catalog.
- Vendor
- Outback Power
- Product
- Mojave Inverter
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-13
- Original CVE updated
- 2025-02-13
- Advisory published
- 2025-02-13
- Advisory updated
- 2025-02-13
Who should care
Industrial control system owners, site operators, and defenders responsible for Outback Power Mojave Inverter deployments should prioritize this advisory. It is especially relevant where the device is network-reachable or exposed beyond a tightly controlled OT segment.
Technical summary
The supplied CISA CSAF advisory (ICSA-25-044-17) describes a command injection condition in the Outback Power Mojave Inverter where an attacker may inject commands via specially crafted POST requests. The affected product entry is listed as vers:all/*, indicating all versions represented in the advisory scope. The provided CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, which aligns with a network-reachable issue requiring no privileges or user interaction and causing high confidentiality impact. CISA’s remediation note states that the product may be discontinued and recommends disabling networking features until a replacement product can be acquired.
Defensive priority
High. This is a remotely reachable OT/ICS issue with no privileges or user interaction required, so exposed deployments should be treated as urgent to isolate and mitigate.
Recommended defensive actions
- Disable the Mojave Inverter’s networking features as CISA recommends, if operationally possible.
- Remove or restrict any network exposure to the device, especially from untrusted or routed networks.
- Inventory all Outback Power Mojave Inverter deployments and confirm whether they match the affected advisory scope.
- Use OT network segmentation and access control to minimize who can reach the device.
- Plan for replacement if the product is no longer maintained or supported.
- Monitor the CISA advisory for updates and any future vendor guidance.
Evidence notes
All material facts in this debrief come from the supplied CISA CSAF source item for ICSA-25-044-17 and the embedded remediation note. The advisory text explicitly states that an attacker may inject commands via specially crafted POST requests, and the remediation text explicitly recommends disabling networking features until a replacement product can be acquired.
Official resources
-
CVE-2025-24861 CVE record
CVE.org
-
CVE-2025-24861 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published ICSA-25-044-17 and the corresponding CVE record on 2025-02-13. The supplied metadata does not indicate KEV inclusion or known ransomware campaign use.