PatchSiren cyber security CVE debrief
CVE-2025-45422 Proximus CVE debrief
CVE-2025-45422 is a HIGH severity vulnerability with a CVSS score of 8.1. The vulnerability exists in Proximus b-box v8c.725A and allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules due to incorrect access control. This could lead to unauthorized changes in network configurations. Administrators and users should be aware of this vulnerability and take necessary actions to mitigate the risk.
- Vendor
- Proximus
- Product
- b-box
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-09
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-09
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of Proximus b-box v8c.725A should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing and restricting access to port forwarding rules and ensuring that only authorized personnel can make changes.
Technical summary
The vulnerability is caused by incorrect access control in Proximus b-box v8c.725A, which allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N. This vulnerability could be exploited by attackers with legitimate access to the system, potentially leading to unauthorized changes in network configurations. To mitigate this risk, administrators should review and restrict access to port forwarding rules, ensuring that only authorized personnel can make changes. Additionally, monitoring for suspicious activity related to port forwarding rules and verifying compensating controls for exposed systems is crucial while remediation is scheduled and verified.
Defensive priority
High priority should be given to patching or mitigating this vulnerability to prevent potential attacks.
Recommended defensive actions
- Apply the vendor-provided patch or update to a fixed version of Proximus b-box v8c.725A.
- Restrict access to port forwarding rules to only authorized personnel.
- Monitor for suspicious activity related to port forwarding rules.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-09T21:16:54.167Z and was last modified on 2026-07-10T18:53:55.130Z. The NVD entry is currently Deferred. The vulnerability exists in Proximus b-box v8c.725A and allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules due to incorrect access control. Evidence is limited to CVE and NVD details.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T21:16:54.167Z and has not been modified since then. The NVD entry is currently Deferred.