Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Multiple vulnerabilities in Intellian Technologies Iridium Certus

Posted date 23/05/2025
Identificador
INCIBE-2025-0262
Importance
5 - Critical
Affected Resources

Iridium Certus 700, 1.0.1 version.

Description

INCIBE has coordinated the publication of 4 vulnerabilities, one critical, one high and 2 medium severity affecting Iridium Certus 700, a maritime satellite communication system, which have been discovered by Gabriel González García.

These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2025-41377: CVSS v4.0: 9.3 [ CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N | CWE-20
  • CVE-2025-41378: CVSS v4.0: 6.9 | CVSS AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N  | CWE-20
  • CVE-2025-41379: CVSS v4.0: 6.3 | CVSS AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N  | CWE-20
  • CVE-2025-41380: CVSS v4.0: 4.8 | CVSS AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-798
Solution

The vulnerabilities have been resolved by the Intellian Technologies team in the Q2 2025 release.

Detail
  • CVE-2025-41377: cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.
  • CVE-2025-41378: the SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
  • CVE-2025-41379: the Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults.
  • CVE-2025-41380: Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
References list
Iridium Certus® 700
Etiquetas