Authentication Bypass in SafeLine SL6 and SL6+ Elevator Emergency Intercom Systems
CVE-2025-4994

8.7HIGH

Key Information:

Vendor: Safeline
Status: Safeline Sl6/sl6+
Vendor: CVE Published:; 22 June 2026

What is CVE-2025-4994?

The SafeLine SL6 and SL6+ devices are susceptible to an authentication bypass vulnerability, enabling attackers to circumvent authentication protocols. This issue affects the Bluetooth Low Energy (BLE) interface, allowing unauthorized personnel within wireless range to access the device's configuration services. Successfully exploiting this flaw can lead to unauthorized administrative control over the emergency intercom settings, potentially compromising security and operational integrity.

Affected Version(s)

SafeLine SL6/SL6+ 4.82 < 4.97

References

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2025-001/

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
May 20, 2025

Credit

The vulnerability was discovered by Jan Hüber of SCHUTZWERK GmbH.

CVE-2025-4994 Data

JSON

Safeline

What is CVE-2025-4994?

Affected Version(s)

References

CVSS V4

Timeline

Credit