CVE-2025-30507: CWE-89 in CyberData 011209 SIP Emergency Intercom
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
AI Analysis
Technical Summary
CVE-2025-30507 is a medium-severity vulnerability identified in the CyberData 011209 SIP Emergency Intercom device. The vulnerability is classified under CWE-89, which corresponds to SQL Injection flaws. Specifically, this vulnerability allows an unauthenticated attacker to perform blind SQL injection attacks against the device. Blind SQL injection means the attacker can infer sensitive information from the database by sending crafted queries and analyzing the device's responses, even though direct output of database errors or data is not available. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based (AV:N), meaning it can be exploited remotely over the network. The CVSS v3.1 base score is 5.3, indicating a medium severity level. The impact is limited to confidentiality (C:L), with no impact on integrity or availability. The affected product is the CyberData 011209 SIP Emergency Intercom, a device used in emergency communication systems, typically deployed in public safety and industrial environments. No patches or known exploits in the wild have been reported as of the publication date (June 9, 2025). The vulnerability arises from improper sanitization of user-supplied input in SQL queries, allowing attackers to extract sensitive information from the backend database without authentication. Given the nature of the device, which is often integrated into critical communication infrastructure, the exposure of sensitive information could aid attackers in further reconnaissance or targeted attacks.
Potential Impact
For European organizations, the exploitation of this vulnerability could lead to unauthorized disclosure of sensitive information stored within the CyberData 011209 SIP Emergency Intercom systems. Since these devices are used in emergency communication, information leakage could expose network configurations, user credentials, or other operational details that attackers could leverage to compromise broader communication infrastructure. This could degrade trust in emergency systems and potentially delay response times in critical situations if attackers use the information to plan further attacks. Although the vulnerability does not directly impact system integrity or availability, the confidentiality breach could facilitate subsequent attacks such as unauthorized access or denial of service. Organizations involved in public safety, industrial control, or critical infrastructure sectors are particularly at risk. Additionally, the lack of authentication requirement for exploitation increases the risk of remote attacks from external threat actors. The absence of known exploits in the wild currently reduces immediate risk, but the medium severity score and the critical nature of the device's role warrant proactive mitigation.
Mitigation Recommendations
1. Immediate mitigation should include network segmentation to isolate the CyberData 011209 SIP Emergency Intercom devices from untrusted networks, limiting exposure to potential attackers.
2. Implement strict firewall rules to restrict access to the device management interfaces only to trusted IP addresses and administrative personnel.
3. Monitor network traffic for unusual or suspicious SQL injection patterns targeting the device.
4. Since no official patches are currently available, coordinate with CyberData support for any upcoming firmware updates addressing this vulnerability and apply them promptly once released.
5. Employ Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS) capable of detecting and blocking SQL injection attempts against the device.
6. Conduct regular security assessments and penetration tests focusing on the intercom system to identify any other potential vulnerabilities.
7. Maintain an inventory of all deployed CyberData 011209 devices and ensure they are included in the organization's vulnerability management program.
8. Educate operational technology (OT) and security teams about this vulnerability and the importance of monitoring and protecting these devices.
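Recommendations 3 and 5 depend on recognising blind SQL injection in traffic to the device. The following is an added example, not vendor or advisory code: it scans access-log lines from a proxy or WAF placed in front of the intercom and reports sources that send repeated injection-shaped requests, since blind extraction needs many requests and relies on differing responses. The log layout, request path, parameter names and threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in combined-log style; the path and parameter
# names are hypothetical, not taken from the CyberData firmware.
SAMPLE_LOG = """\
10.0.5.20 - - [09/Jun/2025:10:00:01 +0000] "GET /cgi-bin/status.cgi?id=7 HTTP/1.1" 200 512
203.0.113.9 - - [09/Jun/2025:10:00:02 +0000] "GET /cgi-bin/status.cgi?id=7%27+AND+1%3D1--+ HTTP/1.1" 200 512
203.0.113.9 - - [09/Jun/2025:10:00:03 +0000] "GET /cgi-bin/status.cgi?id=7%27+AND+1%3D2--+ HTTP/1.1" 200 97
203.0.113.9 - - [09/Jun/2025:10:00:04 +0000] "GET /cgi-bin/status.cgi?id=7%27+AND+SUBSTR(name,1,1)%3D%27a%27--+ HTTP/1.1" 200 97
10.0.5.21 - - [09/Jun/2025:10:00:05 +0000] "GET /cgi-bin/status.cgi?name=O%27Brien HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+)')

# Heuristics for injection-shaped parameters; tune per deployment.
SQLI_PATTERNS = [
    re.compile(r"'\s*(and|or)\s+[\w'\"()]+\s*=", re.I),        # boolean test after a quote
    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),     # time-delay functions
    re.compile(r"\b(substr|substring|ascii|length)\s*\(", re.I),  # per-character probes
    re.compile(r"\bunion\s+select\b", re.I),
    re.compile(r"(--|#|/\*)\s*$"),                              # trailing SQL comment
]

def suspicious(query: str) -> bool:
    """True if the URL-decoded query string matches any heuristic."""
    decoded = unquote_plus(query)
    return any(p.search(decoded) for p in SQLI_PATTERNS)

def blind_sqli_sources(log_text: str, min_hits: int = 3) -> dict:
    """Map source IP -> hit count and number of distinct response sizes."""
    hits, sizes = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        src, target, _status, size = m.groups()
        if suspicious(urlsplit(target).query):
            hits[src] += 1
            sizes[src].add(int(size))
    return {s: {"hits": n, "distinct_sizes": len(sizes[s])}
            for s, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for src, info in blind_sqli_sources(SAMPLE_LOG).items():
        print(src, info)
```

A source with several hits and more than one distinct response size is consistent with boolean-based inference and is worth correlating with the firewall rules from recommendation 2.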
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2025-03-26T16:22:34.682Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68487f541b0bd07c3938a021
Added to database: 6/10/2025, 6:54:12 PM
Last enriched: 7/10/2025, 11:48:31 PM
Last updated: 11/22/2025, 6:03:06 PM