CVE-2025-40841 identifies a Cross-Site Request Forgery (CSRF) vulnerability in Ericsson Indoor Connect 8855 devices, specifically in versions prior to 2025.Q3. CSRF vulnerabilities occur when a web application does not properly verify that a state-changing request originates from an authenticated and authorized user, allowing attackers to craft malicious requests that a victim’s browser executes unknowingly. In this case, the vulnerability enables unauthorized modification of certain device information, potentially altering configuration settings or operational parameters. The CVSS 4.0 base score of 5.1 reflects a medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, but requiring user interaction (victim must be authenticated and visit a malicious site). The vulnerability impacts integrity but not confidentiality or availability, and no scope change occurs. The lack of known exploits in the wild suggests limited current exploitation, but the risk remains due to the device’s role in indoor cellular connectivity. Ericsson Indoor Connect 8855 is used to enhance indoor mobile coverage, often deployed in enterprise, public venues, and critical infrastructure environments. The absence of official patch links indicates that remediation may be pending or requires vendor coordination. The vulnerability is cataloged under CWE-352, a common web security weakness related to CSRF attacks. Mitigation involves applying vendor patches, implementing anti-CSRF tokens, enforcing strict referer validation, and restricting administrative access to trusted networks.

The primary impact of this vulnerability is unauthorized modification of device settings, which can undermine the integrity of Ericsson Indoor Connect 8855 units. Such unauthorized changes could degrade indoor cellular coverage, disrupt communications, or expose the network to further attacks if security configurations are altered. While confidentiality and availability are not directly affected, integrity compromises in telecom infrastructure can have cascading effects on service reliability and trust. Organizations relying on these devices for indoor mobile connectivity—such as enterprises, hospitals, government facilities, and public venues—may experience operational disruptions or security policy violations. Attackers exploiting this vulnerability could leverage it as a foothold for more advanced attacks or to cause denial of service indirectly. Given the device’s role in supporting mobile network coverage, the vulnerability poses a moderate risk to telecommunications service quality and operational continuity.

Organizations should immediately verify the firmware version of their Ericsson Indoor Connect 8855 devices and plan to upgrade to version 2025.Q3 or later once available. In the interim, network administrators should restrict access to the device’s management interface to trusted internal networks and enforce strong authentication mechanisms. Implementing web application firewalls (WAFs) that detect and block CSRF attack patterns can provide additional protection. Administrators should also ensure that browsers and endpoints accessing the device management interface are secured and educate users about the risks of interacting with untrusted websites. Network segmentation can limit exposure by isolating the device management network from general user traffic. Monitoring device logs for unusual configuration changes and employing intrusion detection systems (IDS) can help detect exploitation attempts. Finally, coordinate with Ericsson support channels to obtain official patches and security advisories promptly.