Out-of-Bounds Write Vulnerability in Zenitel TCIV-3+ Device
CVE-2025-64129

7HIGH

Key Information:

Vendor: Zenitel
Status: Tciv-3+
Vendor: CVE Published:; 26 November 2025

What is CVE-2025-64129?

The Zenitel TCIV-3+ is affected by an out-of-bounds write vulnerability that could enable remote attackers to exploit the device's memory management. This flaw may lead to unexpected behaviors such as crashing the device, disrupting normal operation, and potentially facilitating further attacks on connected systems. It is crucial for organizations using the TCIV-3+ to prioritize patching to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TCIV-3+ 0 <= 9.3.3.0

References

https://wiki.zenitel.com/wiki/Downloads#Station_and_Devic...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Oct 27, 2025

Credit

Nir Tepper and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA.

JSON

Zenitel