{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T15:26:05.182","vulnerabilities":[{"cve":{"id":"CVE-2025-3498","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2025-07-09T09:15:27.137","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An unauthenticated user with management network access can get and \nmodify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) \nconfiguration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP\nports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration\nand execute some commands (e.g., system reboot)."},{"lang":"es","value":"Un usuario no autenticado con acceso a la red de administración puede obtener y modificar la configuración de Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20). El dispositivo cuenta con dos servidores web que exponen API REST no autenticadas en la red de administración (puertos TCP 8084 y 8086). Un atacante puede usar estas API para acceder a toda la configuración del sistema, modificar la configuración y ejecutar algunos comandos (p. ej., reiniciar el sistema)."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.3}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3498","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}}]}