CVE-2025-5087 is a medium-severity information-disclosure issue in Kaleris Navis N4. According to the CISA CSAF advisory published on 2025-06-24, the Ultra Light Client (ULC) communicates insecurely over HTTP using zlib-compressed data. If an attacker can observe traffic between ULC clients and N4 servers, they may recover sensitive information, including plaintext credentials. Kaleris lists fixed release [truncated]
CVE-2025-2566 is a critical remote code execution issue in Kaleris Navis N4 ULC (Ultra Light Client). According to the CISA CSAF advisory published on 2025-06-24, an unauthenticated attacker can send specially crafted requests that trigger unsafe Java deserialization and execute arbitrary code on the server. The affected product scope in the advisory is Kaleris Navis N4 versions below 4.0, with vendor fix [truncated]