SQL Injection Vulnerability in Ericsson Indoor Connect 8855
CVE-2025-27261

8.7HIGH

Key Information:

Vendor

Ericsson

Status
Indoor Connect 8855
Vendor
CVE Published:
25 September 2025

What is CVE-2025-27261?

Ericsson's Indoor Connect 8855 has a vulnerability that allows for SQL injection attacks. Exploiting this flaw could enable an attacker to access and modify sensitive user information and configuration settings, posing a significant risk to data integrity and confidentiality.

Affected Version(s)

Indoor Connect 8855 0

References

https://www.ericsson.com/en/about-us/security/psirt/e2025...

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Telstra
JSON
.
CVE-2025-27261 : SQL Injection Vulnerability in Ericsson Indoor Connect 8855