Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by Ribbon Communications
CVE-2025-23181 (GCVE-0-2025-23181)
Vulnerability from nvd – Published: 2025-04-29 16:19 – Updated: 2025-04-29 17:44
VLAI
Title
Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
Summary
CWE-250: Execution with Unnecessary Privileges
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:19
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:43:58.357324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:44:21.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-250: Execution with Unnecessary Privileges\u003cbr\u003e"
}
],
"value": "CWE-250: Execution with Unnecessary Privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:19:37.077Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0227",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-250: Execution with Unnecessary Privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23181",
"datePublished": "2025-04-29T16:19:37.077Z",
"dateReserved": "2025-01-12T08:45:19.975Z",
"dateUpdated": "2025-04-29T17:44:21.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23180 (GCVE-0-2025-23180)
Vulnerability from nvd – Published: 2025-04-29 16:18 – Updated: 2025-04-29 17:45
VLAI
Title
Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
Summary
CWE-250: Execution with Unnecessary Privileges
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:16
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:44:50.297387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:45:07.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-250: Execution with Unnecessary Privileges\u003cbr\u003e"
}
],
"value": "CWE-250: Execution with Unnecessary Privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:18:48.113Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0226",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-250: Execution with Unnecessary Privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23180",
"datePublished": "2025-04-29T16:18:48.113Z",
"dateReserved": "2025-01-12T08:45:19.975Z",
"dateUpdated": "2025-04-29T17:45:07.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23179 (GCVE-0-2025-23179)
Vulnerability from nvd – Published: 2025-04-29 16:09 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-798: Use of Hard-coded Credentials
Summary
CWE-798: Use of Hard-coded Credentials
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:06
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:28.041990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:36.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-798: Use of Hard-coded Credentials"
}
],
"value": "CWE-798: Use of Hard-coded Credentials"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:09:12.121Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0225",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-798: Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23179",
"datePublished": "2025-04-29T16:09:12.121Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:36.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23178 (GCVE-0-2025-23178)
Vulnerability from nvd – Published: 2025-04-29 16:05 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
Summary
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:14
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:38.380710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:25.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints"
}
],
"value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:15:04.163Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0224",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23178",
"datePublished": "2025-04-29T16:05:05.987Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:25.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23177 (GCVE-0-2025-23177)
Vulnerability from nvd – Published: 2025-04-29 16:01 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-427: Uncontrolled Search Path Element
Summary
CWE-427: Uncontrolled Search Path Element
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:10
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:43.669877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:14.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-427: Uncontrolled Search Path Element"
}
],
"value": "CWE-427: Uncontrolled Search Path Element"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:12:57.472Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0223",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-427: Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23177",
"datePublished": "2025-04-29T16:01:40.556Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:14.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23181 (GCVE-0-2025-23181)
Vulnerability from cvelistv5 – Published: 2025-04-29 16:19 – Updated: 2025-04-29 17:44
VLAI
Title
Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
Summary
CWE-250: Execution with Unnecessary Privileges
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:19
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:43:58.357324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:44:21.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-250: Execution with Unnecessary Privileges\u003cbr\u003e"
}
],
"value": "CWE-250: Execution with Unnecessary Privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:19:37.077Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0227",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-250: Execution with Unnecessary Privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23181",
"datePublished": "2025-04-29T16:19:37.077Z",
"dateReserved": "2025-01-12T08:45:19.975Z",
"dateUpdated": "2025-04-29T17:44:21.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23180 (GCVE-0-2025-23180)
Vulnerability from cvelistv5 – Published: 2025-04-29 16:18 – Updated: 2025-04-29 17:45
VLAI
Title
Ribbon Communications - CWE-250: Execution with Unnecessary Privileges
Summary
CWE-250: Execution with Unnecessary Privileges
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:16
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23180",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:44:50.297387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:45:07.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-250: Execution with Unnecessary Privileges\u003cbr\u003e"
}
],
"value": "CWE-250: Execution with Unnecessary Privileges"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:18:48.113Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0226",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-250: Execution with Unnecessary Privileges",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23180",
"datePublished": "2025-04-29T16:18:48.113Z",
"dateReserved": "2025-01-12T08:45:19.975Z",
"dateUpdated": "2025-04-29T17:45:07.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23179 (GCVE-0-2025-23179)
Vulnerability from cvelistv5 – Published: 2025-04-29 16:09 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-798: Use of Hard-coded Credentials
Summary
CWE-798: Use of Hard-coded Credentials
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:06
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:28.041990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:36.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-798: Use of Hard-coded Credentials"
}
],
"value": "CWE-798: Use of Hard-coded Credentials"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:09:12.121Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0225",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-798: Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23179",
"datePublished": "2025-04-29T16:09:12.121Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:36.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23178 (GCVE-0-2025-23178)
Vulnerability from cvelistv5 – Published: 2025-04-29 16:05 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
Summary
CWE-923: Improper Restriction of Communication Channel to Intended Endpoints
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:14
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:38.380710Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:25.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints"
}
],
"value": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:15:04.163Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0224",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23178",
"datePublished": "2025-04-29T16:05:05.987Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:25.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23177 (GCVE-0-2025-23177)
Vulnerability from cvelistv5 – Published: 2025-04-29 16:01 – Updated: 2025-04-29 17:56
VLAI
Title
Ribbon Communications - CWE-427: Uncontrolled Search Path Element
Summary
CWE-427: Uncontrolled Search Path Element
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ribbon Communications | Apollo 9608 |
Affected:
v9.6R3
|
Date Public
2025-04-29 16:10
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T17:55:43.669877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T17:56:14.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apollo 9608",
"vendor": "Ribbon Communications",
"versions": [
{
"status": "affected",
"version": "v9.6R3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierpaolo Santucci"
}
],
"datePublic": "2025-04-29T16:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-427: Uncontrolled Search Path Element"
}
],
"value": "CWE-427: Uncontrolled Search Path Element"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T16:12:57.472Z",
"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"shortName": "INCD"
},
"references": [
{
"url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to v13R1 or later"
}
],
"value": "Upgrade to v13R1 or later"
}
],
"source": {
"advisory": "ILVN-2025-0223",
"discovery": "UNKNOWN"
},
"title": "Ribbon Communications - CWE-427: Uncontrolled Search Path Element",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
"assignerShortName": "INCD",
"cveId": "CVE-2025-23177",
"datePublished": "2025-04-29T16:01:40.556Z",
"dateReserved": "2025-01-12T08:45:19.974Z",
"dateUpdated": "2025-04-29T17:56:14.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}