SQL Injection Vulnerability in Ericsson Indoor Connect 8855
CVE-2025-27261

8.7HIGH

Key Information:

Vendor: Ericsson
Status: Indoor Connect 8855
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-27261?

Ericsson's Indoor Connect 8855 has a vulnerability that allows for SQL injection attacks. Exploiting this flaw could enable an attacker to access and modify sensitive user information and configuration settings, posing a significant risk to data integrity and confidentiality.

Affected Version(s)

Indoor Connect 8855 0

References

https://www.ericsson.com/en/about-us/security/psirt/e2025...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Telstra

JSON