CVE-2025-8476
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-01

Last updated on: 2025-08-12

Assigner: Zero Day Initiative

Description
Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-01
Last Modified
2025-08-12
Generated
2026-05-07
AI Q&A
2025-08-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8476
EUVD
EUVD-2025-23398
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
alpsalpine ilx-507_firmware 6.0.000
alpsalpine ilx-507 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the TIDAL music streaming application on Alpine iLX-507 devices. It is caused by improper certificate validation, which allows network-adjacent attackers to potentially execute arbitrary code on the affected device without requiring authentication.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can execute arbitrary code with root privileges on the affected Alpine iLX-507 device. This could lead to full compromise of the device, including unauthorized control and potential disruption of its normal operation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart