CVE-2025-59816
Description
This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2025-59816 allows unauthenticated attackers to query the Billing Admin database, exposing all data including plaintext user passwords.
Vulnerability
Overview
The Billing Admin component in Zenitel ICX systems (ICX-500, ICX-510, ICX-Core) contains a flaw that permits direct, unauthenticated queries to the underlying database. This vulnerability stems from insufficient access controls on the billing web interface, which was re-enabled in a prior software version. As a result, an attacker can retrieve the entire contents of the Billing Admin database, including user credentials that are stored in plaintext [1].
Exploitation
An attacker can exploit this vulnerability remotely without any prior authentication or special network position. The attack surface is the billing web interface, which is exposed on the network. By sending crafted requests to the vulnerable endpoint, the attacker can bypass intended restrictions and execute arbitrary database queries. No user interaction is required, making this a high-severity issue with a CVSS v3 score of 7.3.
Impact
Successful exploitation leads to complete disclosure of the Billing Admin database. This includes all user accounts and their associated plaintext passwords, significantly increasing the risk of account takeover. An attacker could use the exposed credentials to gain administrative access to the ICX system, potentially compromising the entire communication infrastructure managed by the device.
Mitigation
Zenitel addressed this vulnerability in ICX version 1.4.3.3, released on September 15, 2025. The release notes for this version include a security fix (MTN-4791) that re-enables the billing web with proper access controls [1]. Users are strongly advised to upgrade to ICX 1.4.3.3 or later. No workarounds have been documented; upgrading is the only recommended mitigation.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: before 1.4.3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.