CVE-2025-1718 in Relion 670
Summary
by MITRE • 06/24/2025
An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/27/2025
The vulnerability identified as CVE-2025-1718 affects Relion 670/650 and SAM600-IO series network devices, representing a critical security flaw in embedded systems designed for industrial and networking environments. This issue stems from improper disk space management within the device's file system operations, specifically when handling FTP access requests from authenticated users. The vulnerability exists in the device's handling of storage resources during file transfer operations, where insufficient validation and resource management leads to a denial of service condition. The flaw is particularly concerning as it requires only authenticated access with file access privileges via FTP, meaning an attacker who has already gained login credentials can exploit this weakness to disrupt device operations. The device's failure to properly manage disk space allocation during file operations can result in a complete system reboot, effectively causing a denial of service that impacts network connectivity and operational availability.
The technical implementation of this vulnerability demonstrates a classic case of inadequate resource management within embedded systems, aligning with CWE-129 which addresses improper validation of array index or buffer bounds. The flaw manifests when an authenticated user performs file operations through FTP access, triggering a sequence where the device's storage management logic fails to properly handle disk space exhaustion or allocation errors. This improper handling leads to an uncontrolled system state that results in automatic device reboot. The vulnerability exploitation requires minimal privileges, specifically FTP access with file manipulation capabilities, making it particularly dangerous in environments where such access might be granted to multiple users or where credentials could be compromised through social engineering or other attack vectors. The device's inability to gracefully handle disk space management errors during file transfer operations creates a condition where system resources become exhausted or corrupted, ultimately triggering the reboot mechanism as a protective measure or due to system instability.
The operational impact of CVE-2025-1718 extends beyond simple service disruption, potentially affecting critical network infrastructure and industrial control systems that rely on these devices for connectivity and data handling. In environments where these devices serve as network gateways or communication endpoints, an attacker could repeatedly exploit this vulnerability to maintain persistent denial of service conditions, effectively rendering the network segment inaccessible. The reboot condition can occur multiple times, creating a cascading effect that may impact other connected devices or systems that depend on stable network connectivity. From an attacker perspective, this vulnerability provides a reliable method for causing operational disruption without requiring advanced exploitation techniques or root access, making it particularly attractive for threat actors seeking to create chaos or disrupt business operations. The impact is further amplified in industrial settings where these devices may be part of critical infrastructure, potentially affecting production processes or safety systems that depend on uninterrupted network connectivity.
Mitigation strategies for this vulnerability should focus on both immediate operational responses and long-term architectural improvements. Network administrators should implement strict access controls limiting FTP access to only essential personnel and establish monitoring protocols to detect unusual file transfer patterns that might indicate exploitation attempts. The device firmware should be updated to properly handle disk space management during file operations, implementing robust error handling and resource allocation mechanisms that prevent system crashes or reboots under normal file transfer conditions. System administrators should also consider implementing network segmentation to isolate affected devices and reduce the potential impact of successful exploitation attempts. From a defensive standpoint, organizations should establish incident response procedures specifically addressing device reboots and denial of service conditions, including automated monitoring for repeated reboots that could indicate exploitation of this vulnerability. The ATT&CK framework categorizes this vulnerability under privilege escalation and denial of service tactics, where the initial authenticated access serves as a foothold for broader operational disruption. Additionally, implementing proper logging and audit trails for all FTP access and file operations will provide crucial forensic data for detecting and analyzing exploitation attempts, while also supporting compliance requirements for security monitoring and incident response activities.