Unsafe Java Deserialization Vulnerability in Kaleris NAVIS N4 ULC
CVE-2025-2566

9.3CRITICAL

Key Information:

Vendor: Kaleris
Status: Navis N4
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-2566?

The Kaleris NAVIS N4 ULC (Ultra Light Client) presents an unsafe Java deserialization vulnerability that allows unauthenticated attackers to craft specific requests. These requests could lead to arbitrary code execution on the server, posing a significant risk to the integrity and security of the system. Proper security measures and updates are essential to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Navis N4 0 < 4.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

government-resource

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Mar 20, 2025