CVE-2025-13510
Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
02 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Iskra · iHUB and iHUB LiteWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →