CVE-2025-64129
Description
Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write vulnerability in Zenitel TCIV-3+ allows remote attackers to crash the device.
Vulnerability Overview
An out-of-bounds write vulnerability exists in Zenitel TCIV-3+ devices (all versions prior to 9.3.3.0). This flaw can be triggered remotely and requires low attack complexity, with no authentication needed. The root cause is improper handling of input, leading to memory corruption [1].
Attack Vector
An unauthenticated attacker can exploit this vulnerability over the network without user interaction. The CVSS v3 base score is 7.6 (High), with a vector string indicating network access, low complexity, and no privileges required [1].
Impact
Successful exploitation could cause a denial-of-service condition by crashing the device. While this specific CVE only leads to a crash, the same advisory notes other vulnerabilities in the same product that could allow arbitrary code execution [1].
Mitigation
Zenitel has released firmware version 9.3.3.0 to address this issue. Users should update their devices to the latest firmware available from the official Zenitel downloads page [1][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References: 3
News mentions: 0 (no linked articles in our index yet)