
CVE-2025-41379: CWE-20 Improper Input Validation in Intellian Technologies Iridium Certus 700

Severity: Medium
Tags: Vulnerability, CVE-2025-41379, cve, cve-2025-41379, cwe-20
Published: Fri May 23 2025 (05/23/2025, 12:41:09 UTC)
Source: CVE
Vendor/Project: Intellian Technologies
Product: Iridium Certus 700

Description

The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule: the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults.

AI-Powered Analysis

Last updated: 07/08/2025, 22:56:33 UTC

Technical Analysis

CVE-2025-41379 is a medium severity vulnerability identified in the Intellian Technologies Iridium Certus 700 satellite communication device, specifically in its web panel interface used for managing firewall rules. The vulnerability arises from improper input validation (CWE-20) when adding new firewall rules. Each firewall rule is assigned an ID used internally in the device's database and also represented as a JSON ID in the web interface. Due to a discrepancy between the database ID and the JSON ID during rule creation, the system fails to properly synchronize these identifiers. Consequently, when an attempt is made to delete a previously added rule, the system uses the JSON ID, which does not match the database ID, causing the deletion operation to fail.

This flaw can be exploited by an attacker with at least limited privileges (low privileges required, no user interaction needed) to create firewall rules that cannot be removed through normal means. The only way to remove these persistent rules is to reset the device to factory defaults, which can cause operational disruption.

The vulnerability has a CVSS 4.0 base score of 6.3, reflecting its network attack vector, low attack complexity, no privileges required for exploitation, and no user interaction needed. The scope is high, indicating that the vulnerability affects components beyond the initially vulnerable component. No known exploits are currently reported in the wild, and no patches have been published yet. This vulnerability could be leveraged by attackers to create persistent firewall rules that may disrupt network traffic or interfere with device operations, potentially impacting the availability and reliability of satellite communications provided by the Iridium Certus 700 device.
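
The ID mismatch described above, reduced to a toy model next to a corrected version. This is an added example, not Intellian's code: the `RuleStore` class, its `trust_client_id` switch and the assumption that the JSON ID is taken from the request are hypothetical, since the advisory does not say how the two IDs come to differ.

```python
import itertools


class RuleStore:
    """Toy firewall-rule store. trust_client_id=True models the flaw."""

    def __init__(self, trust_client_id):
        self.trust_client_id = trust_client_id
        self._ids = itertools.count(1)   # database-side ID generator
        self.db = {}                     # db_id -> rule fields

    def add_rule(self, request):
        """Store the rule and return the JSON ID reported to the web panel."""
        db_id = next(self._ids)
        self.db[db_id] = {k: v for k, v in request.items() if k != "id"}
        if self.trust_client_id:
            # Flawed path (assumed): the JSON ID comes from the request and
            # is never reconciled with the ID the database assigned.
            return request.get("id", db_id)
        # Corrected path: the database ID is the only ID ever reported.
        return db_id

    def delete_rule(self, json_id):
        """Delete by JSON ID, which is what the description says is used."""
        return self.db.pop(json_id, None) is not None


def demo(trust_client_id):
    """Add one rule, try to delete it, report (deleted?, rules left)."""
    store = RuleStore(trust_client_id)
    # Constructed request: its "id" (700) differs from the database ID (1).
    json_id = store.add_rule({"id": 700, "action": "drop", "port": 443})
    deleted = store.delete_rule(json_id)
    return deleted, len(store.db)


if __name__ == "__main__":
    print("flawed   :", demo(True))    # delete fails, rule stays in the store
    print("corrected:", demo(False))   # delete succeeds, store is empty
```
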

Potential Impact

For European organizations relying on satellite communication services provided by Intellian's Iridium Certus 700 devices, this vulnerability poses a risk to operational continuity and network availability. The inability to delete malicious or erroneous firewall rules could lead to persistent network misconfigurations, potentially blocking critical communication channels or allowing unauthorized traffic if combined with other vulnerabilities. This is particularly significant for maritime, defense, emergency response, and remote infrastructure sectors where Iridium Certus 700 devices are commonly deployed for reliable satellite connectivity. Disruptions could affect data transmission, command and control operations, and safety communications. Additionally, forced factory resets to remediate the issue could cause service downtime and require physical access to devices, complicating incident response. While the vulnerability does not directly expose sensitive data or allow code execution, the impact on availability and operational integrity is notable. European entities operating in remote or critical environments with limited physical access to devices are especially vulnerable to prolonged service interruptions.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific measures:

1) Restrict access to the Intellian C700 web panel strictly to trusted administrators using network segmentation and strong authentication mechanisms, minimizing the risk of unauthorized rule creation.
2) Monitor firewall rule configurations regularly and maintain logs to detect anomalous or persistent rules that cannot be deleted.
3) Establish procedures for rapid physical access or remote management capabilities to perform factory resets if necessary, minimizing downtime.
4) Engage with Intellian Technologies for timely updates and patches addressing this vulnerability; prioritize patch deployment once available.
5) Consider deploying compensating controls such as external firewall devices or network-level filtering to limit the impact of potentially malicious firewall rules on the device.
6) Train operational staff on recognizing symptoms of this issue and on incident response protocols to handle persistent firewall rule scenarios.
7) Where possible, implement multi-factor authentication and limit administrative privileges to reduce the risk of exploitation by low-privilege attackers.
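
One way to implement the monitoring in item 2, as an added example rather than a vendor tool: it matches rules by a hash of their content instead of by ID, because the ID is the field this flaw makes unreliable. The snapshot and delete-request structures, field names and timestamps are constructed for the example; the page does not describe the device's export format.

```python
import hashlib
import json


def fingerprint(rule):
    """Hash a rule's content, ignoring "id" (the field that cannot be trusted)."""
    body = {k: v for k, v in rule.items() if k != "id"}
    blob = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()[:12]


def undeletable_rules(snapshots, delete_requests):
    """Return rules still present in every snapshot taken after their deletion
    was requested.

    snapshots:       [(timestamp, [rule, ...]), ...]
    delete_requests: [(timestamp, rule), ...]
    """
    findings = []
    for requested_at, rule in delete_requests:
        fp = fingerprint(rule)
        later = [rules for ts, rules in snapshots if ts > requested_at]
        if later and all(fp in {fingerprint(r) for r in rules} for rules in later):
            findings.append({"fingerprint": fp, "requested_at": requested_at,
                             "snapshots_survived": len(later), "rule": rule})
    return findings


# Constructed sample data (hypothetical field names, integer timestamps).
RULE_A = {"id": 3, "action": "drop", "proto": "tcp", "port": 8080}
RULE_B = {"id": 4, "action": "drop", "proto": "udp", "port": 5060}
SNAPSHOTS = [
    (100, [RULE_A, RULE_B]),
    (200, [RULE_B]),               # A was removed, B is still there
    (300, [dict(RULE_B, id=9)]),   # B again, listed under a different ID
]
DELETE_REQUESTS = [(150, RULE_A), (150, RULE_B)]

if __name__ == "__main__":
    for finding in undeletable_rules(SNAPSHOTS, DELETE_REQUESTS):
        print("still present after delete request:", finding)
```
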


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:57:07.297Z
Cisa Enriched: false
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68306f8e0acd01a2492723a4

Added to database: 5/23/2025, 12:52:30 PM

Last enriched: 7/8/2025, 10:56:33 PM

Last updated: 7/30/2025, 4:09:16 PM
