CVE-2025-3498
Radiflow · iSAP Smart Collector
The Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is susceptible to unauthorized configuration modification by unauthenticated users with management network access.
Executive summary
An unauthenticated configuration modification vulnerability in the Radiflow iSAP Smart Collector allows unauthorized users to compromise device settings.
Vulnerability
Unauthenticated users who can reach the management network can retrieve and modify the device configuration. The advisory does not describe the exact vector; the behaviour is consistent with a web service or API on the management interface that does not enforce authentication or authorization on its configuration endpoints.
Business impact
The ability to modify the device configuration lets an attacker change how the iSAP Smart Collector operates, potentially leading to interception of the data it collects or to total disruption of the service. With a CVSS score of 9.9 (Critical), this vulnerability poses a severe threat to operational technology environments and industrial control networks, where the collector is often positioned to see traffic from many plant-floor assets.
Remediation
Immediate Action: Update the iSAP Smart Collector to the fixed version provided by Radiflow. The affected release named in this advisory is VSAP 1.20 on CentOS 7; confirm the installed version before and after the upgrade.
Proactive Monitoring: Review the collector's configuration change history against approved change records, and alert on any connection to the management interface from a source that is not an approved administration host. Because the flaw requires no credentials, an unexpected configuration change may be the only indicator that exploitation occurred.
Compensating Controls: Until the update is applied, enforce strict network segmentation so that the management interface of the iSAP Smart Collector is reachable only from a dedicated administration segment or jump host and never from untrusted network segments.
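One way to put the monitoring and segmentation items above into practice, as an added example that is not Radiflow's code and not part of the original advisory: a small Python checker that reads firewall or flow logs from the device fronting the management VLAN and flags every connection to the collector's management address from a source outside an approved allowlist. The log format, the addresses, the ports and the allowlist are constructed assumptions for the example; the advisory does not state which ports the management interface uses.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical addresses, constructed for this example: the collector's
# management interface and the only sources allowed to reach it (the
# engineering admin subnet and a single SOC vulnerability scanner).
COLLECTOR_MGMT_IP = ipaddress.ip_address("10.20.0.15")
ALLOWED_SOURCES = (
    ipaddress.ip_network("10.20.0.0/24"),
    ipaddress.ip_network("10.99.1.10/32"),
)

# Constructed sample firewall/flow log in a simplified key=value format;
# a real deployment would feed this from the export of the firewall that
# fronts the management VLAN. The last line is deliberately malformed.
SAMPLE_LOG = """\
2025-05-01T10:00:01Z src=10.20.0.7 dst=10.20.0.15 dport=443 action=ACCEPT
2025-05-01T10:00:05Z src=192.168.50.22 dst=10.20.0.15 dport=443 action=ACCEPT
2025-05-01T10:00:09Z src=10.99.1.10 dst=10.20.0.15 dport=443 action=ACCEPT
2025-05-01T10:00:14Z src=172.16.4.9 dst=10.20.0.15 dport=8443 action=DROP
2025-05-01T10:00:20Z src=192.168.50.22 dst=10.20.0.99 dport=22 action=ACCEPT
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dport: int
    action: str

    @property
    def reached(self) -> bool:
        """True when the firewall let the flow through: the segmentation
        control failed, rather than an attempt that was merely blocked."""
        return self.action == "ACCEPT"


def is_allowed_source(src: str) -> bool:
    """Return True if src falls inside any allowlisted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def find_unauthorized_mgmt_access(log_text: str) -> list[Finding]:
    """Return every flow to the collector's management IP from a source
    outside the allowlist, whether or not the firewall blocked it."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip lines whose addresses do not parse
        if dst != COLLECTOR_MGMT_IP or is_allowed_source(str(src)):
            continue
        findings.append(Finding(m["ts"], str(src), int(m["dport"]), m["action"]))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Split findings into flows that reached the collector (segmentation
    gap: check the configuration for changes) and flows that were dropped
    (reconnaissance against the management interface)."""
    return {
        "reached": [f for f in findings if f.reached],
        "blocked": [f for f in findings if not f.reached],
    }


if __name__ == "__main__":
    buckets = triage(find_unauthorized_mgmt_access(SAMPLE_LOG))
    for bucket, items in buckets.items():
        for f in items:
            print(f"{bucket}: {f.ts} {f.src} -> {COLLECTOR_MGMT_IP}:{f.dport}")
```

An accepted flow from an unlisted source means the segmentation control is not doing its job, and the collector's configuration should be compared against a known-good baseline for that time window; a dropped flow is reconnaissance worth correlating with other events but is not, by itself, evidence that the configuration was modified. Flows from allowlisted sources and flows to other hosts are intentionally ignored so the output stays actionable.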
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Immediate remediation is essential for this critical-severity (CVSS 9.9) configuration vulnerability. Organizations should prioritize updating affected iSAP Smart Collector units and ensure that the management interface is reachable only from approved administration hosts, since the flaw requires no credentials to exploit.