← back
CVE-2025-13510

Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

CVSS 9.3 CRITICALEPSS 0.6%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →