Improper Certificate Validation in Alpine iLX-507 Affects TIDAL Music Streaming
CVE-2025-8476

8HIGH

Key Information:

Vendor

Alpine

Status
Ilx-507
Vendor
CVE Published:
1 August 2025

What is CVE-2025-8476?

Alpine's iLX-507 device is susceptible to an improper certificate validation issue within the TIDAL music streaming application. This vulnerability could allow network-adjacent attackers to execute arbitrary code without requiring authentication. By leveraging this flaw alongside other vulnerabilities, attackers can gain root-level access, raising significant security concerns for users of the impacted devices.

Affected Version(s)

iLX-507 6.0.000

References

https://www.zerodayinitiative.com/advisories/ZDI-25-765/
x_research-advisory

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-8476 : Improper Certificate Validation in Alpine iLX-507 Affects TIDAL Music Streaming