CVE-2025-0681 affects New Rock Technologies Cloud Connected Devices, including OM500 IP-PBX, MX8G VoIP Gateway, and NRP1302/P Desktop IP Phone. The advisory says the Cloud MQTT service supports wildcard topic subscription, which could let an attacker obtain sensitive information by tapping service communications. CISA assigns the issue a medium CVSS 3.1 score of 6.2, with confidentiality impact only.
CRITICALNew Rock TechnologiesCVE published 2025-01-30
CVE-2025-0680 is a critical remote compromise issue affecting New Rock Technologies cloud-connected devices. According to CISA, the flaw is in the device cloud RPC command handling process and could allow remote attackers to take control of arbitrary devices connected to the cloud. CISA lists affected products as the OM500 IP-PBX, MX8G VoIP Gateway, and NRP1302/P Desktop IP Phone, with all versions noted [truncated]
