CVE-2025-7635 in GigaCenter ONT

Summary

by MITRE • 09/09/2025

Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.


Analysis

by VulDB Data Team • 12/23/2025

The vulnerability identified as CVE-2025-7635 represents a critical security flaw in Calix GigaCenter ONT devices that exposes unauthenticated telnet access leading to root privileges. This vulnerability specifically impacts the 844E, 844G, 844GE, and 854GE models of the GigaCenter ONT series, which are widely deployed in telecommunications infrastructure for providing broadband services to end users. The flaw stems from insufficient authentication mechanisms within the telnet service implementation, allowing any remote attacker to establish a telnet session without requiring valid credentials. This represents a fundamental breakdown in the device's security architecture where the default configuration fails to enforce proper access controls, creating an entry point for malicious actors to gain full administrative control over the affected hardware.

The technical nature of this vulnerability aligns with CWE-287, which addresses improper authentication issues in network services, and demonstrates how weak authentication mechanisms can lead to complete system compromise. When an attacker successfully connects via telnet, they obtain root-level privileges that provide unrestricted access to the device's operating system, configuration files, network interfaces, and all underlying services. This level of access enables adversaries to modify device configurations, install malicious software, monitor network traffic, or use the compromised device as a pivot point for attacking other systems within the network. The vulnerability exists at the application layer of the network stack, where the telnet service listens for incoming connections without proper authentication checks. This makes it particularly dangerous, as telnet is a well-known protocol that security tools often scan for in network reconnaissance activities.

The operational impact of this vulnerability extends beyond simple privilege escalation to encompass significant risks for network infrastructure security. Organizations deploying these Calix devices face potential service disruption, data breaches, and unauthorized network access that could compromise entire network segments. Attackers could leverage this vulnerability to perform man-in-the-middle attacks, redirect traffic, or establish persistent backdoors within the network infrastructure. The implications are particularly severe given that these devices typically serve as the edge of customer networks, making them attractive targets for attackers seeking to expand their access within larger network environments. The vulnerability also creates challenges for compliance with industry standards such as NIST 800-53 and ISO 27001, which require robust access controls and authentication mechanisms to protect critical infrastructure components.

Mitigation strategies for CVE-2025-7635 should prioritize immediate implementation of network segmentation and access control measures to limit exposure of affected devices. Organizations must disable telnet services entirely and replace them with secure alternatives such as SSH that provide proper authentication and encryption. Network administrators should implement strict firewall rules to block external telnet access while ensuring that internal access is properly authenticated and monitored. The affected devices should be updated with firmware patches provided by Calix to address the authentication flaw, and network monitoring systems should be configured to detect and alert on unauthorized telnet connection attempts. Additionally, security teams should conduct comprehensive vulnerability assessments to identify any other services running with weak authentication mechanisms and ensure that all network devices adhere to the principle of least privilege. This vulnerability serves as a reminder of the critical importance of secure default configurations and the need for regular security audits of network infrastructure components.
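The monitoring step above can be sketched as follows. This is an added example, not code from VulDB, MITRE or Calix: it flags TCP/23 connection attempts toward ONT management addresses from any host outside an allow-list. The subnet, the jump-host address and the log lines are constructed assumptions in the style of netfilter LOG output.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (hypothetical, not from the advisory): ONT management addresses
# live in 10.20.0.0/16 and only the jump host below may reach them.
ONT_MGMT_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_SOURCES = {ipaddress.ip_address("10.1.1.10")}
TELNET_PORT = 23

# Constructed sample lines in the style of netfilter LOG output.
SAMPLE_LOG = """\
Sep 10 02:14:07 fw kernel: IN=wan0 OUT=lan0 SRC=198.51.100.7 DST=10.20.3.15 PROTO=TCP SPT=40112 DPT=23 SYN
Sep 10 02:14:09 fw kernel: IN=wan0 OUT=lan0 SRC=198.51.100.7 DST=10.20.3.16 PROTO=TCP SPT=40113 DPT=23 SYN
Sep 10 02:15:30 fw kernel: IN=lan1 OUT=lan0 SRC=10.1.1.10 DST=10.20.3.15 PROTO=TCP SPT=51000 DPT=23 SYN
Sep 10 02:16:02 fw kernel: IN=wan0 OUT=lan0 SRC=203.0.113.9 DST=10.20.3.15 PROTO=TCP SPT=33010 DPT=443 SYN
Sep 10 02:17:45 fw kernel: IN=lan2 OUT=lan0 SRC=10.30.8.4 DST=10.20.7.2 PROTO=TCP SPT=49822 DPT=23 SYN
Sep 10 02:18:00 fw kernel: IN=wan0 OUT=lan0 SRC=198.51.100.7 DST=192.0.2.50 PROTO=TCP SPT=40120 DPT=23 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def telnet_alerts(log_text):
    """Return (src, dst) pairs for TCP/23 attempts to ONTs from non-allow-listed hosts."""
    alerts = []
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(TELNET_PORT):
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed line: skip rather than crash the monitor
        if dst in ONT_MGMT_NET and src not in ALLOWED_SOURCES:
            alerts.append((str(src), str(dst)))
    return alerts

def alerts_by_source(log_text):
    """Count alerts per source so a sweep across many ONTs stands out."""
    return Counter(src for src, _ in telnet_alerts(log_text))

if __name__ == "__main__":
    for src, count in alerts_by_source(SAMPLE_LOG).most_common():
        print(f"ALERT telnet to ONT from {src}: {count} attempt(s)")
```

Because the service grants root without credentials, a single attempt that reaches an affected ONT is worth alerting on; no failed-login threshold applies here.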

Responsible: Fluid Attacks

Reservation: 07/14/2025

Disclosure: 09/09/2025

Moderation: accepted

CPE: ready

EPSS: 0.00034

KEV: no

Activities: very low
