CVE-2025-64129: CWE-787 in Zenitel TCIV-3+
CVE-2025-64129 is a high-severity out-of-bounds write vulnerability (CWE-787) in the Zenitel TCIV-3+ intercom device. A remote, unauthenticated attacker can crash the device and cause a denial of service, although some user interaction is required. The CVSS metrics record limited impact on confidentiality and integrity and high impact on availability, so device crashes are the main effect. No exploitation in the wild has been reported and no vendor patch was available at the time of writing. European organizations running TCIV-3+ devices, particularly in critical-infrastructure or industrial settings, could face operational disruption. Mitigation should focus on network segmentation, restricting remote access, monitoring device behaviour, and preparing to apply the vendor patch once it ships. Countries with higher adoption of Zenitel products and heavier reliance on such intercoms in critical infrastructure, such as Germany, France, the UK, and the Netherlands, are more likely to be affected. Given the ease of remote exploitation and the availability impact, the vulnerability is rated high severity.
AI Analysis
Technical Summary
CVE-2025-64129 identifies a high-severity out-of-bounds write vulnerability (CWE-787) in the Zenitel TCIV-3+ intercom device. The flaw lets a remote attacker write data outside the intended buffer boundaries, corrupting memory and crashing the device. It can be triggered over the network without any privileges, although it requires some form of user interaction; the advisory does not describe the affected component, the triggering input, or what that interaction consists of. The vulnerability primarily threatens availability through denial-of-service conditions, with limited impact on confidentiality and integrity from the memory corruption. The CVSS v3.1 base score of 7.6 (High, not Critical) reflects a network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, low confidentiality and integrity impact and high availability impact; those metric values correspond to the vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H, which is the only combination matching both the stated metrics and the 7.6 score. No exploits in the wild are known and Zenitel has not released a patch, which raises the urgency of interim mitigations. The TCIV-3+ is commonly deployed in industrial and critical communication environments, so the vulnerability is particularly concerning for operational technology (OT) networks. The CVE was reserved on 2025-10-27 through the CISA ICS-CERT CNA and published in November 2025, indicating recent discovery and disclosure.
Potential Impact
For European organizations, this vulnerability poses a significant risk to operational continuity, especially in sectors that rely on Zenitel TCIV-3+ devices for secure communication, such as manufacturing, transportation, energy, and public safety. Successful exploitation leads to denial of service, disrupting communication channels that safety and operational coordination depend on. The limited impact on confidentiality and integrity keeps the data-breach risk low but does not rule out further side effects of the memory corruption. Because no authentication is needed and the flaw is reachable over the network, the attack surface is largest where devices are exposed to untrusted networks or sit in poorly segmented environments. Disruptions can translate into operational downtime, safety hazards, and financial losses. Until a vendor patch is available, defensive measures have to be proactive.
Mitigation Recommendations
1. Immediately implement strict network segmentation to isolate Zenitel TCIV-3+ devices from untrusted or public networks, limiting exposure to potential attackers.
2. Restrict remote access to these devices with firewalls and VPNs that enforce strong authentication, so that only designated management hosts can reach them.
3. Monitor network traffic and device logs for unusual activity or signs of exploitation attempts, using intrusion detection tailored for OT environments; a device that stops answering health checks shortly after receiving traffic from an unexpected source is the pattern to look for.
4. Brief users and administrators that exploitation requires user interaction; the advisory does not say what form that interaction takes, so treat unexpected prompts or requests involving the intercoms with suspicion.
5. Maintain an inventory of all affected devices and prioritize them for monitoring and mitigation efforts.
6. Engage with Zenitel support channels for updates on patch availability, and apply the vendor patch promptly once released.
7. Deploy temporary compensating controls, such as disabling unnecessary services or features on the devices, to reduce the attack surface.
8. Develop and test incident response plans specific to denial-of-service events affecting communication devices.
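The following script is an added example, not tooling from Zenitel or from the advisory, that puts recommendations 1, 3 and 5 together: it checks flows against a segmentation policy for an inventory of intercoms, detects a device that has stopped answering health checks (the observable effect of the crash described above), and correlates the two. The device addresses, the allowed source subnets, the log formats and every log line below are constructed for the example; the destination ports are arbitrary and are not a claim about which services the TCIV-3+ exposes.

```python
"""Segmentation-violation and outage detection for an intercom inventory (added example)."""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict

# Constructed inventory of TCIV-3+ devices (hypothetical addresses and names).
INTERCOMS = {
    "10.20.5.11": "TCIV-3+ gate-north",
    "10.20.5.12": "TCIV-3+ gate-south",
}

# Sources allowed to talk to the intercoms: the intercom VLAN itself and one management jump host.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.5.0/24"), ipaddress.ip_network("10.99.0.10/32")]

# Log formats are assumptions for this example; adapt the regexes to your firewall and monitor.
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)
HEALTH_RE = re.compile(r"^(?P<ts>\S+) health dev=(?P<dev>\S+) status=(?P<status>\w+)$")

# Constructed sample log: one blocked probe from the Internet against gate-north, two accepted
# connections from an unexpected source to gate-south, then gate-south stops answering.
SAMPLE_LOG = """\
2025-12-01T08:00:00Z health dev=10.20.5.11 status=ok
2025-12-01T08:00:00Z health dev=10.20.5.12 status=ok
2025-12-01T08:00:01Z fw ACCEPT src=10.20.5.30 dst=10.20.5.11 proto=udp dport=5060
2025-12-01T08:00:05Z fw ACCEPT src=10.99.0.10 dst=10.20.5.11 proto=tcp dport=443
2025-12-01T08:00:30Z fw DENY src=198.51.100.7 dst=10.20.5.11 proto=tcp dport=443
2025-12-01T08:01:10Z fw ACCEPT src=192.0.2.44 dst=10.20.5.12 proto=tcp dport=80
2025-12-01T08:01:11Z fw ACCEPT src=192.0.2.44 dst=10.20.5.12 proto=tcp dport=80
2025-12-01T08:02:00Z health dev=10.20.5.11 status=ok
2025-12-01T08:02:00Z health dev=10.20.5.12 status=timeout
2025-12-01T08:03:00Z health dev=10.20.5.12 status=timeout
2025-12-01T08:04:00Z health dev=10.20.5.12 status=timeout
2025-12-01T08:05:00Z health dev=10.20.5.11 status=ok
"""


def is_allowed_source(src: str) -> bool:
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def segmentation_violations(log_text: str) -> list[dict]:
    """Flows to an inventoried intercom from a source outside the allowed list.
    ACCEPT entries mean the firewall policy has a hole; DENY entries are attempts worth tracking."""
    hits = []
    for line in log_text.splitlines():
        m = FLOW_RE.match(line)
        if m and m["dst"] in INTERCOMS and not is_allowed_source(m["src"]):
            hits.append(m.groupdict())
    return hits


def unreachable_devices(log_text: str, threshold: int = 3) -> dict[str, str]:
    """Map device -> timestamp of the first failed check, for devices that missed
    `threshold` consecutive health checks (a crash looks exactly like this)."""
    streak: dict[str, int] = defaultdict(int)
    first_fail: dict[str, str] = {}
    flagged: dict[str, str] = {}
    for line in log_text.splitlines():
        m = HEALTH_RE.match(line)
        if not m or m["dev"] not in INTERCOMS:
            continue
        dev = m["dev"]
        if m["status"] == "ok":
            streak[dev] = 0
            first_fail.pop(dev, None)
            continue
        streak[dev] += 1
        first_fail.setdefault(dev, m["ts"])
        if streak[dev] >= threshold:
            flagged[dev] = first_fail[dev]
    return flagged


def correlate(log_text: str) -> list[dict]:
    """For each device that went silent, name the last disallowed source that reached it beforehand.
    Timestamps are compared as strings, which is valid because they share one ISO 8601 format and zone."""
    violations = segmentation_violations(log_text)
    findings = []
    for dev, since in unreachable_devices(log_text).items():
        prior = [v for v in violations if v["dst"] == dev and v["ts"] <= since]
        findings.append({
            "device": dev,
            "name": INTERCOMS[dev],
            "down_since": since,
            "suspect_src": prior[-1]["src"] if prior else None,
        })
    return findings


if __name__ == "__main__":
    for v in segmentation_violations(SAMPLE_LOG):
        print(f"policy violation: {v['action']} {v['src']} -> {v['dst']}:{v['dport']} at {v['ts']}")
    for f in correlate(SAMPLE_LOG):
        print(f"{f['name']} ({f['device']}) unreachable since {f['down_since']}, last unexpected source: {f['suspect_src']}")
```

On the sample data the accepted connections from 192.0.2.44 are the real finding: a DENY line shows the firewall doing its job, whereas an ACCEPT from outside the allowed list shows that recommendation 1 has not actually been implemented. The correlation step is what turns a generic "device down" alert into something an incident responder can act on.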
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden, Norway
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2025-10-27T18:03:35.897Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692740e20de433ec09559d5a
Added to database: 11/26/2025, 6:03:14 PM
Last enriched: 12/3/2025, 6:58:44 PM
Last updated: 12/3/2025, 7:17:21 PM
Related Threats
- CVE-2025-12819: Untrusted Search Path in PgBouncer (High)
- CVE-2025-13992: Side-channel information leakage in Google Chrome (Unknown)
- CVE-2025-66222: CWE-94: Improper Control of Generation of Code ('Code Injection') in ThinkInAIXYZ deepchat (Critical)
- CVE-2025-66220: CWE-170: Improper Null Termination in envoyproxy envoy (Medium)
- CVE-2025-63402: n/a (Medium)