CVE Catalog

CVE-2025-4994

HighCVSS 8.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface.

Risk Assessment

An attacker within wireless range can gain unauthorized administrative access to the device configuration, potentially compromising the security of the emergency communication system in elevators.

Recommendation

Immediately update the firmware of SafeLine SL6 and SL6+ devices to the latest version and restrict access to the BLE interface by implementing strong authentication.

Original NVD description (English source)

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS