Improper Certificate Validation in Alpine iLX-507 Affects TIDAL Music Streaming
CVE-2025-8476
8HIGH
What is CVE-2025-8476?
Alpine's iLX-507 device is susceptible to an improper certificate validation issue within the TIDAL music streaming application. This vulnerability could allow network-adjacent attackers to execute arbitrary code without requiring authentication. By leveraging this flaw alongside other vulnerabilities, attackers can gain root-level access, raising significant security concerns for users of the impacted devices.
Affected Version(s)
iLX-507 6.0.000
References
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
CVSS V3.0
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved