Improper Authentication Handling in Digi PortServer and Digi One Products
CVE-2025-3659

9.4CRITICAL

What is CVE-2025-3659?

A security flaw involving improper authentication handling has been detected in various Digi products, including Digi PortServer TS and Digi One series. Malicious actors may exploit this vulnerability by sending specially crafted HTTP POST requests to the web interface, which could allow them to alter critical configuration settings without authentication. This can lead to unauthorized access and potential disruption of services. Users of affected devices are advised to review the applicable firmware versions and apply necessary security patches to enhance their defenses against this vulnerability.

Affected Version(s)

Digi One IAP 0 <= 82000770 Z

Digi One SP/Digi One SP IA/Digi One IA 0 <= 82000774_Z

Digi PortServer TS 0 <= 82000747_AA

References

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.