CVE-2025-49480: CWE-125 Out-of-bounds Read in ASR Falcon_Linux, Kestrel, Lapwing_Linux
Out-of-bounds access in ASR180x, ASR190x in lte-telephony. This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
AI Analysis
Technical Summary
CVE-2025-49480 is a high-severity out-of-bounds read (CWE-125) affecting ASR's Falcon_Linux, Kestrel, and Lapwing_Linux products in versions prior to v1536. The flaw resides in the LTE telephony component of ASR180x and ASR190x devices, within the LZMA compression implementation (apps/lzma/src/LzmaEnc.c). An out-of-bounds read occurs when software reads memory outside the intended buffer bounds, potentially leading to information disclosure, data corruption, or undefined behavior that could be leveraged for further exploitation. The CVSS 3.1 base score of 7.4 indicates high severity: the attack vector is network (AV:N), attack complexity is low (AC:L), low privileges are required (PR:L), no user interaction is needed (UI:N), and scope is changed (S:C). Confidentiality, integrity, and availability impacts are each rated low, but combined with the scope change the overall effect is significant. No known exploits are currently reported in the wild, and no patches are linked yet, indicating a need for vigilance and proactive mitigation. The vulnerability affects critical telephony infrastructure components embedded in ASR's Linux-based products, which are likely used in telecommunications environments for LTE services.
Potential Impact
For European organizations, especially telecom operators and infrastructure providers relying on ASR's Falcon_Linux, Kestrel, and Lapwing_Linux platforms, this vulnerability poses a significant risk. Exploitation could allow attackers to remotely read out-of-bounds memory, potentially leaking sensitive information such as cryptographic keys, configuration data, or user information. Given the scope change, the vulnerability could be leveraged to affect other components or escalate privileges, impacting the integrity and availability of LTE telephony services. Disruption or compromise of LTE infrastructure can degrade network reliability, affect end-user connectivity, and cause regulatory and reputational damage. Critical national infrastructure and emergency communication systems that depend on these platforms are particularly at risk. The lack of known exploits currently provides a window for mitigation before active attacks emerge.
Mitigation Recommendations
European organizations should immediately identify deployments of ASR Falcon_Linux, Kestrel, and Lapwing_Linux products, focusing on versions prior to v1536. Until official patches are released, network-level mitigations such as strict access controls, segmentation of LTE telephony management interfaces, and monitoring for anomalous traffic patterns targeting the LZMA compression routines should be implemented. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect potential exploitation attempts. Limit privileged access to affected systems and enforce multi-factor authentication to reduce the risk posed by the low privilege requirement. Coordinate with ASR for timely patch deployment once available and conduct thorough testing before production rollout. Additionally, perform memory integrity checks and review audit logs for signs of exploitation attempts. Engage with telecom security communities to share intelligence and best practices for protecting LTE infrastructure.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ASR
- Date Reserved: 2025-06-05T08:13:26.653Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6863c56a6f40f0eb728f0619
Added to database: 7/1/2025, 11:24:26 AM
Last enriched: 7/1/2025, 11:39:31 AM
Last updated: 7/11/2025, 12:28:04 AM