Denial of Service Vulnerability in INSTAR 2K+ and 4K Backend IPC Server
CVE-2025-8761

8.7HIGH

Key Information:

Vendor: Instar
Status: 2k+; 4k
Vendor: CVE Published:; 13 August 2025

Badges

👾 Exploit Exists

What is CVE-2025-8761?

A critical vulnerability has been identified in the INSTAR 2K+ and 4K series, specifically within the Backend IPC Server component. This vulnerability allows for potential denial of service attacks that can be initiated remotely, disrupting the normal operations of the affected devices. As the exploit has already been disclosed to the public, it poses a significant threat to users of the identified versions. Organizations utilizing these products are advised to apply available security patches and closely monitor their systems for any unusual activity.

Affected Version(s)

2K+ 3.11.1 Build 1124

4K 3.11.1 Build 1124

References

https://vuldb.com/?id.319864

vdb-entry

https://vuldb.com/?ctiid.319864

signaturepermissions-required

https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf

exploit

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 13, 2025
👾
Exploit known to exist
Aug 13, 2025
Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 8, 2025

Credit

Michael Imfeld (modzero AG)

Instar

Badges

What is CVE-2025-8761?

Affected Version(s)

References

CVSS V4

Timeline

Credit