Database Query Vulnerability in Zenitel's Billing Admin System
CVE-2025-59816

8.1HIGH

Key Information:

Vendor: Zenitel
Status: Icx500; Icx510
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-59816?

This vulnerability in Zenitel's Billing Admin System allows attackers to execute direct database queries, enabling unauthorized access to sensitive data. The flaw potentially exposes user credentials, which are stored in plaintext within the database. This lack of encryption significantly heightens the risk of data breaches, as malicious actors could gain unrestricted access to all stored information, including private user data.

Affected Version(s)

ICX500 <1.4.3.3

ICX510 <1.4.3.3

References

https://wiki.zenitel.com/wiki/ICX_1.4.3.X_-_Release_Notes

release-notes

https://wiki.zenitel.com/wiki/Downloads#ICX-AlphaCom_System

patch

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Sep 22, 2025

JSON