SQL Injection in Ericsson Indoor Connect 8855

CVE-2025-27261

Ericsson Indoor Connect 8855 contains an SQL injection vulnerability which if exploited can result in unauthorized disclosure or modification of data.

Vulnerability class: SQL Injection

EPSS: 0.000 (12.1th percentile) — read the EPSS interpretation.

Affected products

Ericsson Indoor Connect 8855 — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

www.ericsson.com/en/about-us/security/psirt/e2025-09-25