CVE-2025-71056: n/a
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.
AI Analysis
Technical Summary
CVE-2025-71056 identifies an improper session management vulnerability in the GCOM EPON 1GE ONU device, specifically version C00R371V00B01. The flaw arises because the device's session management mechanism trusts the IP address of an authenticated user as proof of that user's identity, without any further validation of the session; an attacker who spoofs that IP address can therefore take over the active session. This vulnerability falls under CWE-290, which relates to improper authentication mechanisms. The attack vector is network-based (AV:N), with low attack complexity (AC:L) and low privileges required (PR:L), and no user interaction (UI:N). The scope remains unchanged (S:U), but the impact on confidentiality and integrity is high (C:H/I:H), while availability is unaffected (A:N). Although no public exploits are known, the vulnerability could allow attackers to impersonate legitimate users, access sensitive data, or manipulate device configurations. The lack of available patches increases the urgency for organizations to apply compensating controls. Given the nature of EPON ONU devices as critical network access points in fiber-optic broadband infrastructures, this vulnerability poses a significant risk to network security and data privacy.
Potential Impact
The vulnerability could lead to unauthorized access to network devices, allowing attackers to intercept or manipulate sensitive data, disrupt network configurations, or gain further footholds within an organization’s infrastructure. Since the attack exploits session hijacking via IP spoofing, confidentiality and integrity of communications are at high risk. This could result in data breaches, unauthorized configuration changes, and potential lateral movement within networks. Service providers relying on GCOM EPON ONU devices might face service degradation or compromise of subscriber data. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits given the public disclosure. The impact is particularly critical for organizations with large-scale fiber-optic deployments, where compromised ONU devices could affect many users or critical infrastructure components.
Mitigation Recommendations
1. Implement network-level controls such as ingress and egress filtering to prevent IP spoofing within the network.
2. Restrict management access to ONU devices to trusted administrative networks and use strong authentication mechanisms beyond IP-based validation.
3. Monitor network traffic for anomalies indicative of session hijacking attempts, including unexpected IP address changes in active sessions.
4. Deploy network segmentation to limit the exposure of ONU devices and reduce the attack surface.
5. Engage with GCOM or authorized vendors to obtain firmware updates or patches as they become available.
6. Use multi-factor authentication for device management interfaces to reduce reliance on IP-based session validation.
7. Conduct regular security audits and penetration testing focused on network access devices to identify and remediate similar vulnerabilities proactively.
Affected Countries
China, United States, Japan, South Korea, Germany, France, United Kingdom, India, Brazil, Russia
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2026-01-09T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 699cee30be58cf853bef4e77
Added to database: 2/24/2026, 12:17:52 AM
Last enriched: 3/3/2026, 6:57:27 PM
Last updated: 4/9/2026, 3:23:24 AM