
CVE-2025-28171: n/a

Medium
Published: Tue Jul 29 2025 (07/29/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.

AI-Powered Analysis

Last updated: 07/29/2025, 16:02:45 UTC

Technical Analysis

CVE-2025-28171 is a security vulnerability identified in Grandstream UCM6510 devices running firmware version 1.0.20.52 and earlier. The vulnerability allows a remote attacker to obtain sensitive information through the device's Login function accessible via the /cgi and /webrtccgi endpoints. These endpoints are part of the web interface used for device management and WebRTC communications, respectively. The flaw likely involves improper access controls or insufficient input validation that enables unauthorized disclosure of sensitive data, potentially including authentication tokens, configuration details, or user credentials. Since the vulnerability can be exploited remotely without authentication, it poses a significant risk to the confidentiality of the system. The Grandstream UCM6510 is a Unified Communications Manager appliance widely used in enterprise telephony and VoIP deployments, making this vulnerability particularly relevant for organizations relying on these devices for their communication infrastructure. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The absence of patch links suggests that a fix may not yet be available, emphasizing the need for immediate mitigation steps to protect affected systems.

Potential Impact

For European organizations, the impact of CVE-2025-28171 could be substantial, especially for those utilizing Grandstream UCM6510 devices in their telephony and unified communications infrastructure. Successful exploitation could lead to unauthorized disclosure of sensitive information such as administrative credentials or configuration data, which could then be leveraged for further attacks including unauthorized access, interception of communications, or disruption of services. Given the critical role of VoIP and unified communication systems in business operations, this vulnerability could compromise the confidentiality, and potentially the integrity, of communications. Additionally, exposure of sensitive information could lead to regulatory compliance issues under GDPR, resulting in legal and financial repercussions. The risk is heightened in sectors with stringent data protection requirements such as finance, healthcare, and government institutions across Europe.

Mitigation Recommendations

1. Immediate network-level restrictions: Limit access to the UCM6510 management interfaces (/cgi and /webrtccgi) to trusted IP addresses only, ideally via VPN or secure management networks.
2. Implement strict firewall rules to block unauthorized external access to the device's web management ports.
3. Monitor network traffic for unusual access patterns targeting the vulnerable endpoints.
4. Enforce strong authentication and session management policies on the device to reduce the risk of credential compromise.
5. Regularly audit device configurations and logs for signs of exploitation attempts.
6. Engage with Grandstream support or official channels to obtain and apply security patches or firmware updates as soon as they become available.
7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts against these endpoints.
8. Educate IT and security teams about this vulnerability to ensure rapid response and remediation.
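Recommendations 1, 3 and 5 above come down to one check: requests to /cgi or /webrtccgi should only ever originate from the management network. The script below is an added example, not part of the advisory or of any Grandstream tooling; it parses constructed common-log-format lines from a reverse proxy in front of the UCM6510 and flags requests to those two endpoints from addresses outside an assumed admin range (10.10.5.0/24 is a placeholder).

```python
import ipaddress
import re

# Constructed sample access-log lines in common log format (not real traffic).
SAMPLE_LOGS = """\
10.10.5.23 - - [29/Jul/2025:10:01:12 +0000] "POST /cgi HTTP/1.1" 200 512
203.0.113.45 - - [29/Jul/2025:10:02:40 +0000] "POST /cgi?action=login HTTP/1.1" 200 734
198.51.100.7 - - [29/Jul/2025:10:03:05 +0000] "GET /webrtccgi HTTP/1.1" 200 128
10.10.5.23 - - [29/Jul/2025:10:04:11 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

# Assumption: management traffic is expected only from this VPN/admin range.
MGMT_NETWORKS = [ipaddress.ip_network("10.10.5.0/24")]

# Endpoints named in the advisory.
SENSITIVE_PATHS = {"/cgi", "/webrtccgi"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, status, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Strip the query string so /cgi?action=login still matches /cgi.
    rec["path"] = rec.pop("target").split("?", 1)[0]
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip_text):
    """True if the client address falls inside an allow-listed management network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # Unparseable address: treat as untrusted.
    return any(ip in net for net in MGMT_NETWORKS)


def find_untrusted_access(log_text):
    """Return records for requests to the sensitive endpoints from outside MGMT_NETWORKS."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] in SENSITIVE_PATHS and not is_trusted(rec["ip"]):
            hits.append(rec)
    return hits
```

Run `find_untrusted_access(SAMPLE_LOGS)` against the sample to see the two external hits; on real logs, feed the proxy's access log and alert on any non-empty result.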


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6888ed23ad5a09ad008ea7a0

Added to database: 7/29/2025, 3:47:47 PM

Last enriched: 7/29/2025, 4:02:45 PM

Last updated: 7/30/2025, 12:51:04 AM
