anonhaven
Ad

CVE-2025-40841

MEDIUM CVSS 4.0: 5.1 EPSS 0.01%
Updated Mar 27, 2026
Ericsson
Parameter Value
CVSS 5.1 (MEDIUM)
Affected Versions before 2025.q3
Fixed In 2025.q3
Type CWE-352 (Cross-Site Request Forgery (CSRF))
Vendor Ericsson
Public PoC No

Ericsson Indoor Connect 8855 versions prior to 2025.Q3 contains a Cross-Site Request Forgery (CSRF) vulnerability which, if exploited, can lead to unauthorized modification of certain information.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF)

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Ericsson Indoor_Connect_8855_Firmware
cpe:2.3:o:ericsson:indoor_connect_8855_firmware:*:*:*:*:*:*:*:*
 2025.q3
Ericsson Indoor_Connect_8855
cpe:2.3:h:ericsson:indoor_connect_8855:-:*:*:*:*:*:*:*

References 2

https://www.ericsson.com/en/about-us/security/psirt/CVE-2025-40841
85b1779b-6ecd-4f52-bcc5-73eac4659dcf
https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-indoorcon…
85b1779b-6ecd-4f52-bcc5-73eac4659dcf
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-40842

Ericsson

8.5

CVE-2025-27260

Ericsson

7.2

CVE-2025-40843

Ericsson

5.9

CVE-2025-1300

Ericsson

6.1

CVE-2024-53829

Ericsson

8.2