CVE-2025-30515 is a critical vulnerability identified in the CyberData 011209 SIP Emergency Intercom device. The vulnerability is classified under CWE-35, which corresponds to Path Traversal issues. This flaw allows an authenticated attacker to upload arbitrary files to multiple locations within the system. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reveals that the attack can be performed remotely over the network without requiring any privileges or user interaction, and it impacts confidentiality, integrity, and availability at a high level. Technically, the vulnerability arises because the device's file upload functionality does not properly validate or sanitize file paths, allowing attackers to traverse directories and place malicious files in arbitrary locations. This can lead to full system compromise, including the execution of malicious code, data exfiltration, or disruption of device functionality. Since the device is a SIP Emergency Intercom, it is likely deployed in critical communication environments such as public safety, industrial facilities, or enterprise buildings, where availability and integrity of communication are paramount. No patches or mitigations have been officially released yet, and there are no known exploits in the wild at the time of publication. However, the ease of exploitation combined with the critical impact makes this vulnerability a significant threat to organizations using this product.

For European organizations, the impact of this vulnerability can be severe. The CyberData 011209 SIP Emergency Intercom is typically used in environments requiring reliable emergency communication, such as hospitals, transportation hubs, educational institutions, and government buildings. Exploitation could allow attackers to disrupt emergency communication systems, potentially endangering lives and causing operational downtime. Confidentiality breaches could expose sensitive communication or facility information, while integrity compromises could allow attackers to inject false messages or commands. Availability impacts could result in denial of emergency communication services. Given the critical nature of emergency intercoms, any disruption or compromise could have cascading effects on public safety and organizational resilience. Additionally, the ability to upload arbitrary files could be leveraged to establish persistent footholds or pivot to other network segments, increasing the risk of broader network compromise.

Since no official patches are currently available, European organizations should implement immediate compensating controls. First, restrict network access to the CyberData 011209 devices by placing them behind firewalls or network segmentation to limit exposure to untrusted networks. Enforce strict authentication and access controls to ensure only authorized personnel can interact with the device. Monitor device logs and network traffic for unusual file upload activity or unexpected file changes. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect path traversal or anomalous file operations. If possible, disable or limit file upload functionality until a patch is released. Maintain an inventory of all deployed CyberData 011209 devices and prioritize their remediation. Once a vendor patch is available, apply it promptly and verify the fix. Additionally, conduct regular security assessments and penetration tests focused on these devices to identify residual risks.