
CVE-2025-41361: CWE-400 Uncontrolled Resource Consumption in ZIV IDF and ZLF

Severity: High
Published: Fri Jun 06 2025 (06/06/2025, 11:53:10 UTC)
Source: CVE Database V5
Vendor/Project: ZIV
Product: IDF and ZLF

Description

Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.

AI-Powered Analysis

Last updated: 07/07/2025, 18:41:06 UTC

Technical Analysis

CVE-2025-41361 is a high-severity vulnerability classified under CWE-400, which pertains to uncontrolled resource consumption. This vulnerability affects specific versions of ZIV's IDF (v0.10.0-0C03-03) and ZLF (v0.10.0-0C03-04) products. The root cause lies in improper handling of TLS requests on PROCOME sockets. When TLS requests are sent to these configured and active PROCOME ports with communications encryption enabled, the devices improperly process these requests, leading to resource exhaustion that causes the devices to reboot unexpectedly. This results in a denial of service (DoS) condition. Exploitation does not require authentication or user interaction, and the attack vector is network-based, making it remotely exploitable. The CVSS 4.0 base score is 8.3, reflecting a high severity due to the ease of exploitation (low attack complexity), no privileges required, and significant impact on availability. The vulnerability does not affect confidentiality or integrity directly but severely impacts availability by causing device reboots. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability requires that PROCOME ports be configured and active with encryption enabled, which may limit the attack surface depending on deployment configurations. However, given the critical role of these devices in network infrastructure, the impact of a successful attack could be substantial.

Potential Impact

For European organizations using ZIV IDF and ZLF devices, this vulnerability poses a significant risk to network stability and availability. These devices are likely used in critical infrastructure or industrial environments where continuous operation is essential. A successful exploitation could lead to repeated device reboots, causing network outages, disruption of services, and potential cascading failures in dependent systems. This could affect sectors such as manufacturing, energy, transportation, and telecommunications, where ZIV products might be deployed. The denial of service could result in operational downtime, financial losses, and reputational damage. Moreover, the lack of authentication requirements for exploitation increases the risk of remote attacks from external threat actors. European organizations with stringent uptime requirements and regulatory compliance obligations (e.g., NIS Directive) could face compliance issues if affected by this vulnerability. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score underscores the urgency of addressing this issue.

Mitigation Recommendations

1. Immediate network segmentation: Isolate devices running vulnerable versions of ZIV IDF and ZLF from untrusted networks to limit exposure.
2. Disable or restrict PROCOME ports if not required, or configure them to minimize exposure to external networks.
3. Monitor network traffic for unusual TLS requests targeting PROCOME ports to detect potential exploitation attempts.
4. Implement strict firewall rules to control access to PROCOME ports, allowing only trusted sources.
5. Engage with ZIV vendor support to obtain patches or firmware updates addressing this vulnerability as soon as they become available.
6. Develop and test incident response plans specifically for device reboot or DoS scenarios involving these products.
7. Maintain up-to-date asset inventories to quickly identify affected devices and prioritize remediation.
8. Consider deploying network-based DoS protection mechanisms that can detect and block malformed or excessive TLS requests targeting these ports.
9. Conduct regular vulnerability assessments and penetration tests focusing on these devices to validate the effectiveness of mitigations.
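One way to implement the monitoring and allowlisting recommendations above is to flag TLS connections to PROCOME ports from sources outside the allowlist and escalate when the targeted device reboots shortly afterwards. This is an added example, not code from the advisory or from ZIV; the port number, addresses, record layout and time window are constructed placeholders to replace with site values.

```python
from datetime import datetime, timedelta

# Assumptions (not from the advisory): port, addresses, record layout, window.
PROCOME_PORTS = {40000}           # placeholder: ports configured on your devices
TRUSTED_SOURCES = {"10.20.0.5"}   # placeholder: hosts allowed to reach PROCOME
REBOOT_WINDOW = timedelta(minutes=2)

# Constructed flow records: time, source, device, destination port, protocol
FLOWS = """\
2025-06-10T08:00:01 10.20.0.5 10.20.1.11 40000 tls
2025-06-10T08:14:30 10.99.3.7 10.20.1.11 40000 tls
2025-06-10T08:14:31 10.99.3.7 10.20.1.11 40000 tls
2025-06-10T08:20:00 10.99.3.7 10.20.1.12 443 tls
2025-06-10T09:00:00 10.99.3.7 10.20.1.12 40000 tls
"""
# Constructed device boot events (from syslog or the monitoring system)
BOOTS = """\
2025-06-10T08:15:40 10.20.1.11
"""

def parse(text):
    """Split whitespace-separated records; the first field is an ISO timestamp."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            rows.append((datetime.fromisoformat(fields[0]), *fields[1:]))
    return rows

def find_alerts(flows_text, boots_text):
    """Alert on untrusted TLS to PROCOME ports; 'high' if a reboot follows."""
    boots = parse(boots_text)
    alerts = []
    for ts, src, dst, port, proto in parse(flows_text):
        if int(port) not in PROCOME_PORTS or proto != "tls":
            continue
        if src in TRUSTED_SOURCES:
            continue
        rebooted = any(dev == dst and timedelta(0) <= bts - ts <= REBOOT_WINDOW
                       for bts, dev in boots)
        alerts.append({"time": ts.isoformat(), "src": src, "device": dst,
                       "severity": "high" if rebooted else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(FLOWS, BOOTS):
        print(alert)
```
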


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:04.871Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 6842e15f1a426642debd4ca0

Added to database: 6/6/2025, 12:38:55 PM

Last enriched: 7/7/2025, 6:41:06 PM

Last updated: 7/31/2025, 3:32:37 PM
