Configuration Management Vulnerability in Radiflow iSAP Smart Collector
CVE-2025-3498

9.9 CRITICAL

Key Information:

Vendor: Radiflow
CVE Published: 9 July 2025

What is CVE-2025-3498?

The Radiflow iSAP Smart Collector is vulnerable to unauthorized access due to multiple unauthenticated REST APIs exposed on the management network. These APIs, accessible over TCP ports 8084 and 8086, allow an attacker with network access to retrieve and alter the device’s configuration settings. This exposure enables malicious users to execute various commands, including system reboots, undermining the security of the system and potentially leading to further exploitation.

Affected Version(s)

iSAP Smart Collector Linux 1.20 < 3.02-1

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
