Auth bypass in Ericsson Indoor Connect 8855

CVE-2025-40837

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.

Vulnerability class: Broken Access Control

EPSS: 0.001 (21.5th percentile) — read the EPSS interpretation.

Affected products

Ericsson Indoor Connect 8855 — versions 0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

www.ericsson.com/en/about-us/security/psirt/e2025-09-25