Auth bypass in Digi International One Iap
CVE-2025-3659
Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build date 06/17/2022 * Digi One SP/Digi One SP I…
Vulnerability class: Broken Authentication
EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.
Affected products
- Digi International One Iap — versions 0
- Digi International One Sp/digi Sp Ia/digi Ia — versions 0
- Digi International Portserver Ts — versions 0
Weakness classification (CWE)
References
- e8a6bb0b-e373-42b1-a5de-93e314325576 (patch)
- e8a6bb0b-e373-42b1-a5de-93e314325576 (patch)
- e8a6bb0b-e373-42b1-a5de-93e314325576 (patch)
- e8a6bb0b-e373-42b1-a5de-93e314325576 (vendor-advisory)