Resource Allocation Vulnerability in Shelly Pro 4PM by Shelly
CVE-2025-11243

8.3HIGH

Key Information:

Vendor: Shelly
Status: Pro 4pm
Vendor: CVE Published:; 19 November 2025

What is CVE-2025-11243?

A resource allocation vulnerability exists in the Shelly Pro 4PM (versions prior to v1.6), which allows excessive resource allocation over the network. This issue may lead to performance degradation and potential denial of service if exploited. Users are advised to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Pro 4PM 0 < 1.6

References

https://www.nozominetworks.com/labs/vulnerability-advisor...

third-party-advisory

https://www.nozominetworks.com/blog/shelly-pro-4pm-vulner...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2025
Vulnerability Reserved
Oct 2, 2025

Credit

Gabriele Quagliarella at Nozomi Networks

JSON