CVE-2025-41379

Issue

The Intellian C700 web panel (part of the Iridium Certus 700 maritime satellite terminal) provides a mechanism for authorised users to add firewall rules. A logic flaw arises when a new rule is added: the identifier used to store the rule in the internal database may differ from the identifier present in the JSON payload returned to the web interface. This inconsistency means that when an administrator later attempts to delete a rule, the deletion operation references the JSON ID, which does not match the database ID, causing the deletion to fail. [1]

Exploitation

An authenticated attacker with low-privilege access to the web panel can exploit this by creating carefully crafted firewall rules. Because the rule creation succeeds (the rule is stored in the database) but the subsequent deletion based on the JSON ID always fails, the attacker can generate rules that are effectively permanent. The only way to remove such orphaned rules is to reset the device to factory defaults. No special network position is required beyond being able to reach the web panel. [1]

Impact

The inability to delete firewall rules can be used to block critical satellite communications, disrupt legitimate administrative actions, or lock the device into an undesirable configuration. While the vulnerability itself does not directly disclose data or execute code (CVSS v4.0 6.3, AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N), the availability impact is significant because the attacker can enforce a denial-of-service condition on the device's firewall management until a factory reset is performed. [1]

Mitigation

Intellian Technologies has resolved this vulnerability in their Q2 2025 software release. Users of the Iridium Certus 700 (version 1.0.1 or earlier) should apply the latest firmware update provided by the vendor. No workaround other than a factory reset is available for devices already affected. [1]