CVE-2025-64092 is a SQL injection vulnerability identified in the Zenitel ICX500 intercom and communication system, affecting all versions prior to 1.4.3.3. The flaw resides in the handling of GET request parameters, where unauthenticated attackers can inject arbitrary SQL queries directly into the backend database. This vulnerability allows attackers to bypass authentication controls and retrieve sensitive information stored within the device's database, potentially including configuration details, user credentials, or call logs. The vulnerability is remotely exploitable over the network without requiring any user interaction, making it particularly dangerous. The CVSS v3.1 base score of 7.5 reflects a high severity due to the vulnerability's impact on confidentiality and ease of exploitation (attack vector: network, attack complexity: low, privileges required: none, user interaction: none). Although no known exploits have been reported in the wild, the exposure risk is significant given the device's deployment in critical communication infrastructure. The vulnerability does not affect data integrity or availability, limiting the attacker's capabilities to data disclosure rather than system disruption. The Zenitel ICX500 is commonly used in industrial, transportation, and public safety sectors, where secure communication is vital. The vulnerability was published on January 9, 2026, with no official patches linked yet, but upgrading to version 1.4.3.3 or later is recommended once available. Network-level controls such as firewall rules and access restrictions can mitigate exposure until patches are applied.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive communication data managed by Zenitel ICX500 devices. Unauthorized database queries could expose user credentials, call records, and configuration settings, potentially enabling further attacks or espionage. Critical infrastructure sectors such as transportation, public safety, and industrial facilities that rely on ICX500 for secure communication are particularly vulnerable. Data leakage could lead to privacy violations, regulatory non-compliance (e.g., GDPR), and reputational damage. Although the vulnerability does not directly impact system integrity or availability, the exposure of sensitive information could facilitate subsequent attacks or unauthorized access. The ease of exploitation without authentication increases the threat level, especially in environments where these devices are accessible from untrusted networks or the internet. European organizations with inadequate network segmentation or remote access controls face heightened risk. The lack of known exploits in the wild suggests a window for proactive mitigation before widespread exploitation occurs.

1. Immediately inventory all Zenitel ICX500 devices and verify their firmware versions. Prioritize upgrading all devices to version 1.4.3.3 or later once the patch is officially released by Zenitel. 2. Until patches are applied, restrict network access to ICX500 management interfaces by implementing strict firewall rules limiting access to trusted IP addresses and internal networks only. 3. Employ network segmentation to isolate ICX500 devices from public or less secure network zones, reducing exposure to potential attackers. 4. Monitor network traffic for unusual GET requests targeting ICX500 devices, which may indicate exploitation attempts. 5. Disable any unnecessary web services or interfaces on the ICX500 devices to minimize attack surface. 6. Conduct regular vulnerability scans and penetration tests focusing on ICX500 devices to detect potential exploitation. 7. Educate IT and security teams about this vulnerability and ensure incident response plans include steps for potential data breaches involving these devices. 8. Engage with Zenitel support channels to obtain official patches and security advisories promptly. 9. Consider deploying Web Application Firewalls (WAF) or Intrusion Prevention Systems (IPS) with rules to detect and block SQL injection patterns targeting ICX500 devices. 10. Review and enforce strong access control policies and logging on ICX500 devices to detect unauthorized access attempts.