CVE-2025-55047: CWE-798 Use of Hard-coded Credentials in Baicells SPECTRA LTE-U eNB
CWE-798 Use of Hard-coded Credentials
AI Analysis
Technical Summary
CVE-2025-55047 is a high-severity vulnerability identified in the Baicells SPECTRA LTE-U eNB product, specifically affecting the U4G-AP1000 BaiStation_FDD version. The vulnerability is classified under CWE-798, which pertains to the use of hard-coded credentials within the device. Hard-coded credentials are embedded usernames and passwords or cryptographic keys that are fixed in the device firmware or software and cannot be changed by the user. This practice creates a significant security risk because if these credentials become known or are discovered by attackers, they can be used to gain unauthorized access to the device. The CVSS v3.1 base score for this vulnerability is 8.4, indicating a high level of severity. The vector string (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reveals that the attack vector requires local access (AV:L), but has low attack complexity (AC:L), requires no privileges (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). This means that an attacker with local access can fully compromise the device’s confidentiality, integrity, and availability without needing any authentication or user interaction. The vulnerability has been published recently (September 2025), and no known exploits in the wild have been reported yet. However, the presence of hard-coded credentials is a critical security flaw that can be exploited by attackers who gain local access, potentially through physical access or via other means such as compromised internal networks. The affected product, Baicells SPECTRA LTE-U eNB, is a small cell LTE base station used to extend LTE coverage and capacity, often deployed in enterprise, rural, or indoor environments.
Potential Impact
For European organizations, the exploitation of this vulnerability could lead to severe consequences. Compromise of LTE small cell infrastructure can allow attackers to intercept, manipulate, or disrupt mobile communications, impacting confidentiality and integrity of data transmitted over the network. This could affect critical communications for enterprises, public safety, and government entities relying on LTE coverage. Additionally, attackers could disrupt service availability by taking control of the base station, causing denial of service or network outages. Given that LTE small cells are often deployed to improve coverage in dense urban or remote areas, disruption could degrade user experience and operational continuity. The high impact on confidentiality, integrity, and availability means sensitive communications could be exposed or altered, potentially violating GDPR and other data protection regulations in Europe. The requirement for local access somewhat limits remote exploitation but does not eliminate risk, as attackers may leverage other vulnerabilities or insider threats to gain the necessary access. The lack of a patch at the time of publication increases the urgency for organizations to implement compensating controls.
Mitigation Recommendations
Organizations using Baicells SPECTRA LTE-U eNB devices should immediately assess their deployment environments to restrict physical and network access to these devices. Network segmentation should be enforced to isolate LTE small cells from general enterprise networks, limiting potential lateral movement. Strong monitoring and logging should be implemented to detect unauthorized access attempts. Where possible, replace or upgrade affected devices to versions without hard-coded credentials once patches or firmware updates become available from Baicells. Until official patches are released, consider deploying additional authentication layers such as VPNs or access control gateways to protect device management interfaces. Conduct regular security audits and penetration tests focusing on physical security and local network access controls. Educate staff about the risks of insider threats and enforce strict access policies. Finally, coordinate with Baicells and relevant vendors to receive timely updates and advisories.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCD
- Date Reserved: 2025-08-06T11:04:25.088Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c076b59256f7c60d152edc
Added to database: 9/9/2025, 6:49:25 PM
Last enriched: 9/17/2025, 12:58:05 AM
Last updated: 10/30/2025, 4:01:43 AM