CVE-2025-4994
HighCVSS 8.7Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface.
Risk Assessment
An attacker within wireless range can gain unauthorized administrative access to the device configuration, potentially compromising the security of the emergency communication system in elevators.
Recommendation
Immediately update the firmware of SafeLine SL6 and SL6+ devices to the latest version and restrict access to the BLE interface by implementing strong authentication.
Original NVD description (English source)
The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

