Improper Authentication Handling in Digi PortServer and Digi One Products
CVE-2025-3659
9.4CRITICAL
Key Information:
- Vendor
Digi International
- Vendor
- CVE Published:
- 12 May 2025
What is CVE-2025-3659?
A security flaw involving improper authentication handling has been detected in various Digi products, including Digi PortServer TS and Digi One series. Malicious actors may exploit this vulnerability by sending specially crafted HTTP POST requests to the web interface, which could allow them to alter critical configuration settings without authentication. This can lead to unauthorized access and potential disruption of services. Users of affected devices are advised to review the applicable firmware versions and apply necessary security patches to enhance their defenses against this vulnerability.
Affected Version(s)
Digi One IAP 0 <= 82000770 Z
Digi One SP/Digi One SP IA/Digi One IA 0 <= 82000774_Z
Digi PortServer TS 0 <= 82000747_AA
