- Description: The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
- Source: ics-cert@hq.dhs.gov
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 7.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 5.9
- Exploitability score: 1.6
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- ics-cert@hq.dhs.gov: CWE-912
- Hype score: Not currently trending
[HIGH] CVE-2025-0626: High Severity Zero-Day Vulnerability CVE-2025-0626 has a CVSS score of 7.5; active exploits exist; no patch available. CVE: CVE-2025-0626 • APT: N/A • Status: ACTIVE Immediate mitigation required due to active expl… https://t.co/Ft49smD4wZ
@MysocAi, 25 Feb 2026 (2 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
🔶 [HIGH] CVE-2025-0626 in Multiple Products High-severity zero-d… 🔴 CVE: CVE-2025-0626 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Execution, Persistence ⚔️ Affects various software products. 🔗 https://t.co/Ft49smD4wZ #mysocAi #CyberSecurityusingAi #Vulne
@MysocAi, 23 Feb 2026 (2 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
Actively exploited CVE : CVE-2025-0626
@transilienceai, 9 Feb 2025 (23 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)
Actively exploited CVE : CVE-2025-0626
@transilienceai, 9 Feb 2025 (12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)
Actively exploited CVE : CVE-2025-0626
@transilienceai, 7 Feb 2025 (13 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)
Actively exploited CVE : CVE-2025-0626
@transilienceai, 6 Feb 2025 (12 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)
Actively exploited CVE : CVE-2025-0626
@transilienceai, 5 Feb 2025 (27 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes)
66 new OPEN, 95 new PRO (66 + 29) Lumma Stealer, TA2726, LandUpdate808, Soc Gholish, ZPHP, CVE-CVE-2025-0626, 2024-45607, 2024-57727, 2024-37397 and more. https://t.co/9XRMiB86dD
@ET_Labs, 3 Feb 2025 (314 Impressions, 1 Retweet, 5 Likes, 1 Bookmark, 0 Replies, 1 Quote)
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. #Vulnerability #CyberSecurity #hackinginquiry https://t.co
@kevin___hack, 1 Feb 2025 (67 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. #Vulnerability #CyberSecurity #hackinginquiry https://t.co
@dean95196196583, 1 Feb 2025 (50 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
Threat Alert: CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors CVE-2025-0626 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/gY4dPr1Wao #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai, 1 Feb 2025 (132 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)
•#Vulnerability Impact: CVE-2025-0626 allows remote access and file manipulation on the device. •Vulnerability Severity: CVSS v4 score of 7.7 out of 10.0. •Vulnerability Description: The device sends remote access requests to a hard-coded IP address. https://t.co/DPabmm2iZa
@GHak2learn27752, 1 Feb 2025 (196 Impressions, 1 Retweet, 4 Likes, 1 Bookmark, 1 Reply, 1 Quote)
U.S. CISA & FDA warn of a hidden backdoor in Contec CMS8000 & Epsimed MN-120 patient monitors. Critical flaws (CVE-2025-0626, CVE-2025-0683, CVE-2024-12248) risk unauthorized access, patient data leaks & RCE. https://t.co/DXJpxkexAd #Vulnerability #CyberSecurity #Hac
@hackingspace, 1 Feb 2025 (469 Impressions, 3 Retweets, 7 Likes, 0 Bookmarks, 2 Replies, 1 Quote)
CVE-2025-0626 The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor an… https://t.co/7T6qIu8Prm
@CVEnew, 30 Jan 2025 (321 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes)