A critical use-after-free vulnerability, identified as CVE-2025-22408, has been discovered in multiple products from the vendor "In". This flaw allows a remote, unauthenticated attacker to execute arbitrary code on an affected system, potentially leading to a full system compromise without any user interaction. Due to its critical severity (CVSS 9.8) and ease of exploitation, immediate remediation is required to prevent significant security breaches.

This vulnerability is a use-after-free error located in the rfc_check_send_cmd function within the rfc_utils.cc component. An attacker can remotely send a specially crafted command to this function, causing the application to use a pointer to a memory location that has already been deallocated. By carefully manipulating this memory state, the attacker can overwrite program instructions and achieve remote code execution (RCE) with the privileges of the running application. The attack does not require any prior authentication or special privileges.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a direct and severe threat to the business. Successful exploitation could lead to a complete compromise of the affected system's confidentiality, integrity, and availability. Potential consequences include theft of sensitive corporate data, deployment of ransomware, disruption of critical business operations, and using the compromised system as a pivot point to attack other internal network resources. The reputational damage and financial costs associated with such a breach would be substantial.

Immediate Action:

• Immediately apply the security patches provided by the vendor. Update "In Multiple Products" to the latest version.
• Consult the official vendor security advisory to identify the specific products, versions, and patch details relevant to your environment.
• After patching, monitor systems for any signs of post-exploitation activity and review access logs for anomalous entries preceding the patch deployment.

Proactive Monitoring:

• Log Analysis: Scrutinize application and system logs for crashes or unexpected errors related to the rfc component.
• Network Traffic: Implement network monitoring to detect unusual traffic patterns or malformed data packets targeting the affected services. Deploy IDS/IPS signatures specific to this CVE as they become available.
• Endpoint Behavior: Use an Endpoint Detection and Response (EDR) solution to monitor for suspicious process execution, file modifications, or outbound network connections from affected systems.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:

• Network Segmentation: Isolate affected systems from the internet and other critical internal network segments.
• Access Control: Apply strict firewall rules or Access Control Lists (ACLs) to restrict access to the vulnerable service, allowing connections only from trusted IP addresses.
• Virtual Patching: Use an Intrusion Prevention System (IPS) to deploy rules that can inspect and block traffic attempting to exploit this specific vulnerability.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization and must be addressed with the highest priority. All teams responsible for the affected "In Multiple Products" must immediately begin the patching process as outlined in the vendor's security advisory. Although CVE-2025-22408 is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion and widespread exploitation. If immediate patching is not feasible, compensating controls must be implemented without delay while a patching plan is enacted.