CVE-2025-3659 is a critical security vulnerability classified under CWE-287 (Improper Authentication) affecting multiple product families from Digi International, specifically the Digi PortServer TS, Digi One SP, Digi One SP IA, Digi One IA, and Digi One IAP devices. These devices are used for serial-to-Ethernet connectivity and remote device management in industrial, enterprise, and critical infrastructure environments. The vulnerability arises from improper handling of authentication in certain HTTP POST requests to the device’s web interface. An attacker can craft a specially designed POST request that bypasses authentication controls, allowing them to modify configuration settings on the affected devices without any prior authentication or user interaction. This flaw exists in firmware versions prior to and including builds dated June 17, 2022, for Digi PortServer TS, and October 19, 2020, for the Digi One product lines. The vulnerability has a CVSS 4.0 base score of 9.4, indicating critical severity, with attack vector being adjacent network (AV:A), low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Exploitation could lead to unauthorized configuration changes that may disrupt device operation, compromise network security, or enable further attacks within the network. No public exploits are currently known, but the high severity and ease of exploitation make this a significant threat to organizations using these devices.

For European organizations, the impact of CVE-2025-3659 can be substantial, especially for industries relying on Digi International’s serial device servers for critical infrastructure, manufacturing automation, telecommunications, and enterprise network management. Unauthorized modification of device configurations could lead to network disruptions, data interception, or pivoting attacks within internal networks. This could compromise operational continuity, data confidentiality, and integrity, potentially affecting compliance with EU regulations such as GDPR and NIS Directive. Industrial control systems and critical infrastructure sectors in Europe, which often use these devices for remote management, are particularly at risk. The vulnerability’s ability to be exploited without authentication and user interaction increases the likelihood of successful attacks, possibly leading to service outages or unauthorized access to sensitive systems. Given the strategic importance of secure network management in European industries, this vulnerability poses a high operational and reputational risk.

1. Immediate firmware upgrade: Organizations should prioritize updating affected Digi International devices to the latest firmware versions that address this authentication flaw. Contact Digi International support or check their official channels for patched firmware releases. 2. Network segmentation: Isolate affected devices on dedicated network segments with strict access controls to limit exposure to adjacent network attackers. 3. Access control enforcement: Restrict management interface access to trusted IP addresses and use VPNs or secure tunnels for remote management. 4. Monitor network traffic: Implement intrusion detection/prevention systems (IDS/IPS) to detect anomalous HTTP POST requests targeting device web interfaces. 5. Disable web management interface if not required or replace with more secure management methods. 6. Conduct regular security audits and penetration testing focusing on device management interfaces. 7. Implement multi-factor authentication (MFA) where possible on management interfaces to add an additional layer of security. 8. Maintain an inventory of all affected devices to ensure comprehensive patch management and risk assessment.