
CVE-2025-63219: n/a

Severity: High
Tags: Vulnerability, CVE-2025-63219, cve, cve-2025-63219
Published: Wed Nov 19 2025 (11/19/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and compromise system integrity.

AI-Powered Analysis

Last updated: 11/26/2025, 15:58:40 UTC

Technical Analysis

The ITEL ISO FM SFN Adapter, specifically firmware version ISO2 2.0.0.0 and WebServer 2.0, suffers from a session hijacking vulnerability identified as CVE-2025-63219. This vulnerability arises from improper session management on the /home.html endpoint, which fails to adequately protect active sessions from unauthorized access. An attacker can exploit this flaw remotely over the network without any authentication or user interaction, allowing them to assume control of an active session. Once hijacked, the attacker gains the ability to manipulate device configurations and potentially disrupt the device's normal operation, compromising system integrity and availability. The vulnerability is categorized under CWE-284 (Improper Access Control), indicating a failure to enforce proper access restrictions. The CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) highlights that the attack can be performed remotely with low complexity, no privileges, and no user interaction, primarily impacting availability without direct confidentiality or integrity loss. Although no public exploits have been reported yet, the vulnerability's characteristics make it a significant threat to environments relying on this adapter for industrial or communication purposes. The lack of available patches at the time of reporting necessitates immediate attention to alternative mitigations to reduce exposure.

Potential Impact

For European organizations, especially those in industrial, manufacturing, or critical infrastructure sectors using the ITEL ISO FM SFN Adapter, this vulnerability poses a risk of operational disruption. Attackers exploiting session hijacking can alter device configurations, potentially causing device malfunction or denial of service, which could cascade into broader system outages. The ability to control the device without authentication increases the risk of unauthorized access and persistent compromise. This can affect availability of essential services, leading to financial losses, safety hazards, and reputational damage. Given the adapter’s role in communication and control systems, compromised devices could also serve as pivot points for further network intrusion. The absence of known exploits currently provides a window for proactive defense, but the ease of exploitation and network accessibility elevate the threat level. European organizations must consider the impact on compliance with regulations such as NIS2, which mandates robust cybersecurity for critical infrastructure.

Mitigation Recommendations

1. Monitor ITEL’s official channels for firmware updates addressing CVE-2025-63219 and apply patches immediately upon release.
2. Implement network segmentation to isolate the ISO FM SFN Adapter devices from general IT networks, limiting exposure to potential attackers.
3. Restrict access to the device’s management interfaces (including /home.html) using firewall rules and VPNs to ensure only authorized personnel can connect.
4. Deploy intrusion detection and prevention systems (IDS/IPS) to monitor for unusual session activity or unauthorized access attempts targeting the adapter.
5. Enforce strong network access controls and authentication mechanisms at the perimeter to reduce the risk of unauthorized network access.
6. Conduct regular security audits and penetration testing focused on industrial control systems to identify and remediate similar session management flaws.
7. Maintain comprehensive logging and alerting on device access to quickly detect and respond to potential hijacking attempts.
8. Educate operational technology (OT) staff on the risks of session hijacking and the importance of secure session management practices.
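As an added example for recommendations 3, 4 and 7 (not part of the original advisory and not vendor code), the script below reviews access logs for successful requests to /home.html that come from outside a management allowlist, or from several source addresses within a short window. It assumes a reverse proxy or gateway in front of the adapter that writes Common Log Format; the subnet, the 10-minute window and the log lines are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumption: only this management subnet should reach the adapter's web UI.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.30.0/28")]
WINDOW = timedelta(minutes=10)  # assumed window for "same active session"

# Constructed sample lines (Common Log Format) from a hypothetical proxy.
SAMPLE_LOG = """\
10.20.30.5 - - [19/Nov/2025:08:00:01 +0000] "GET /home.html HTTP/1.1" 200 5120
10.20.30.5 - - [19/Nov/2025:08:00:09 +0000] "GET /status.html HTTP/1.1" 200 812
10.20.30.7 - - [19/Nov/2025:08:03:40 +0000] "GET /home.html HTTP/1.1" 200 5120
192.0.2.44 - - [19/Nov/2025:08:04:12 +0000] "GET /home.html HTTP/1.1" 200 5120
192.0.2.44 - - [19/Nov/2025:08:04:15 +0000] "GET /favicon.ico HTTP/1.1" 404 0
10.20.30.5 - - [19/Nov/2025:09:30:00 +0000] "GET /home.html HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Return (source, time, path, status), or None for an unparsable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, ts, _method, path, status = m.groups()
    return (ipaddress.ip_address(src),
            datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            path.split("?", 1)[0], int(status))

def detect(log_text, endpoint="/home.html"):
    alerts, recent = [], []  # recent: (time, source) of successful hits
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] != endpoint or rec[3] != 200:
            continue
        src, when = rec[0], rec[1]
        # Signal 1: the page was served to a source outside the allowlist.
        if not any(src in net for net in MGMT_ALLOWLIST):
            alerts.append(("outside-allowlist", str(src), when.isoformat()))
        # Signal 2: another source loaded the page within the window,
        # which is what a shared or taken-over session looks like in logs.
        recent = [(t, s) for t, s in recent if when - t <= WINDOW]
        others = sorted({str(s) for t, s in recent if s != src})
        if others:
            alerts.append(("concurrent-sources", str(src), ",".join(others)))
        recent.append((when, src))
    return alerts
```

The concurrent-sources signal also fires when two legitimate operators use the interface at the same time, so treat it as a prompt for review rather than proof of hijacking.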


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-10-27T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 691ddf9152987e43f7248323

Added to database: 11/19/2025, 3:17:37 PM

Last enriched: 11/26/2025, 3:58:40 PM

Last updated: 1/7/2026, 8:47:35 AM
