CVE-2025-64128 – Zenitel Intercom & IP Audio Systems Security Update

These four vulnerabilities affect Zenitel intercom and IP audio systems, exposing core communication infrastructure to unauthorized access and system compromise.

CVE-2025-64127 is a critical vulnerability (CVSS 9.8) that allows unauthenticated remote access to system functionality. An attacker on the network could exploit this issue to gain control of affected devices without valid credentials.

CVE-2025-64128 is a high-severity vulnerability (CVSS 8.1) involving improper authentication controls. Under certain conditions, attackers could bypass intended access restrictions and interact with protected services.

CVE-2025-64129 is a high-severity vulnerability (CVSS 7.8) related to command or input handling weaknesses. Successful exploitation could allow unauthorized system manipulation or execution of unintended actions.

CVE-2025-64130 is a medium-severity vulnerability (CVSS 6.5) that could expose sensitive system information, potentially assisting attackers in reconnaissance or follow-on attacks.

Because Zenitel systems are commonly deployed in transportation, correctional facilities, healthcare, and other critical infrastructure environments, exploitation could result in disruption of communications, unauthorized device control, or broader network compromise.

Zenitel has released firmware updates addressing these vulnerabilities.