Unauthorized Access Vulnerability in Zenitel ICX500 and ICX510 Gateway Billing Admin
CVE-2025-59814

9.8CRITICAL

Key Information:

Vendor: Zenitel
Status: Icx500; Icx510
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-59814?

This vulnerability allows unauthorized actors to exploit a weakness in the Zenitel ICX500 and ICX510 Gateway systems, specifically targeting the Billing Admin endpoint. By doing so, attackers can access sensitive information stored within the Billing Admin database, leading to potential data breaches and unauthorized data exposure. It is crucial for organizations utilizing these gateways to implement necessary security updates and mitigate associated risks.

Affected Version(s)

ICX500 <1.4.3.3

ICX510 <1.4.3.3

References

https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes

release-notes

https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System

patch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 22, 2025

JSON