CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.

Una vulnerabilidad existe en servidores de dispositivos serie donde el código de depuración activo permanece habilitado en la interfaz UART. Un atacante con acceso físico al dispositivo puede conectarse directamente a la interfaz UART y, sin autenticación, interacción del usuario o condiciones de ejecución, obtener acceso no autorizado a la funcionalidad de depuración interna. La explotación es de baja complejidad y permite a un atacante ejecutar operaciones privilegiadas y acceder a recursos sensibles del sistema, resultando en un alto impacto a la confidencialidad, integridad y disponibilidad del dispositivo afectado. No se ha identificado ningún impacto de seguridad en sistemas externos o dependientes.