RCE in Ericsson Indoor Connect 8855

CVE-2025-27262

Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can result in an escalation of privileges.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (11.7th percentile) — read the EPSS interpretation.

Affected products

Ericsson Indoor Connect 8855 — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

www.ericsson.com/en/about-us/security/psirt/e2025-09-25