Configuration Management Vulnerability in Radiflow iSAP Smart Collector
CVE-2025-3498

9.9CRITICAL

Key Information:

Vendor: Radiflow
Status: ISAP Smart Collector
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-3498?

The Radiflow iSAP Smart Collector is vulnerable to unauthorized access due to multiple unauthenticated REST APIs exposed on the management network. These APIs, accessible over TCP ports 8084 and 8086, allow an attacker with network access to retrieve and alter the device’s configuration settings. This exposure enables malicious users to execute various commands, including system reboots, undermining the security of the system and potentially leading to further exploitation.

Affected Version(s)

iSAP Smart Collector Linux 1.20 < 3.02-1

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3498

government-resource

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Apr 10, 2025