CVE-2025-6765 is a medium-severity vulnerability identified in Intelbras InControl version 2.21.60.9, specifically within the HTTP PUT Request Handler component that processes requests to the /v1/operador/ endpoint. The vulnerability arises due to improper permission handling during the processing of these HTTP PUT requests, which can lead to unauthorized permission changes or privilege escalation. The flaw can be exploited remotely without requiring user interaction or prior authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:L/UI:N). The vulnerability impacts the confidentiality, integrity, and availability of the system to a limited extent (VC:L/VI:L/VA:L). Although the CVSS score is 5.3 (medium), the exploitability is relatively straightforward due to low attack complexity and no user interaction needed. The vendor, Intelbras, has not responded to early disclosure attempts, and no patches or mitigations have been publicly released. No known exploits are currently observed in the wild, but public disclosure of the exploit code increases the risk of future attacks. The vulnerability could allow attackers to manipulate permissions remotely, potentially enabling unauthorized access or control over the affected InControl system, which is typically used for device management or network control in enterprise or industrial environments.

For European organizations using Intelbras InControl 2.21.60.9, this vulnerability poses a tangible risk of unauthorized access or privilege escalation within their network management infrastructure. Exploitation could lead to unauthorized configuration changes, data exposure, or disruption of services managed by InControl. Given that InControl is often deployed in critical infrastructure or enterprise environments, successful exploitation could compromise operational integrity and data confidentiality. The lack of vendor response and absence of patches heightens the risk, as organizations may remain exposed for extended periods. Additionally, the remote and unauthenticated nature of the exploit increases the attack surface, especially for organizations with externally accessible management interfaces. This could facilitate lateral movement or serve as a foothold for further attacks within corporate or industrial networks. The medium severity rating suggests moderate impact, but the criticality of the managed systems could amplify real-world consequences.

European organizations should immediately audit their Intelbras InControl deployments to identify affected versions (2.21.60.9). Until an official patch is available, organizations should restrict network access to the InControl management interface, ideally isolating it within internal networks and blocking external access via firewalls or VPNs. Implement strict network segmentation to limit potential lateral movement from compromised devices. Monitor network traffic for unusual HTTP PUT requests targeting /v1/operador/ endpoints and deploy intrusion detection/prevention systems with custom signatures to detect exploitation attempts. Employ strong authentication and access controls on management interfaces, even if the vulnerability does not require authentication, to reduce overall risk. Regularly review logs for unauthorized permission changes or anomalous activities. Engage with Intelbras support channels to demand timely patch releases and stay updated on vendor advisories. Consider deploying compensating controls such as application-layer gateways or web application firewalls to filter malicious requests targeting the vulnerable endpoint.