CVE-2025-8515
BaseFortify

Publication date: 2025-08-04

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in Intelbras InControl 2.21.60.9. The affected code is in the file /v1/operador/ of the JSON Endpoint component; the exact function is not identified. Manipulation of this endpoint leads to information disclosure. The attack can be launched remotely, but it is rated as high complexity and the exploitability is described as difficult. An exploit has been published, so the flaw could be exploited. Upgrading the affected component is advised.
Meta Information
Published: 2025-08-04
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2025-08-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: intelbras
Product: incontrol_web
Version / Range: 2.21.60.9
CWE ID  Description
CWE-200  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284  The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
NVD-CWE-noinfo  Insufficient Information (NVD placeholder used when there is not enough detail to assign a specific CWE).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-8515 is an information disclosure vulnerability in Intelbras InControl version 2.21.60.9. It affects the JSON Endpoint at /v1/operador/, where a GET request returns a JSON object listing all registered users, including sensitive data such as user IDs, usernames, and password hashes. The flaw allows even users with limited privileges to access this sensitive information due to improper access control on the endpoint, potentially enabling attackers to obtain hashed passwords and attempt further attacks. [1, 2]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive credential information, such as password hashes, which attackers could use to perform hash cracking or gain unauthorized access to user accounts. This compromises the confidentiality of the system and may facilitate further attacks, potentially impacting system security and user privacy. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be checked by sending a GET request to the /v1/operador/ JSON endpoint on Intelbras InControl 2.21.60.9 with a valid JWT token for a low-privilege account. The flaw is that non-administrative users can read the listing, so a test with an administrator's token proves nothing either way. If the response is 200 OK with a JSON payload listing users, including user IDs, usernames, and password hashes, the system is vulnerable; a 401 or 403 for the low-privilege token indicates that the endpoint is enforcing access control. A sample check with curl: curl -H "Authorization: Bearer <JWT_TOKEN>" -X GET https://<target-ip>/v1/operador/ -v. Treat any hashes returned during the test as credential material and do not keep them beyond the check. On the server side, monitoring the web server or reverse-proxy logs for GET requests to /v1/operador/ that return 200, particularly from non-administrative accounts or unexpected source addresses, and inspecting the responses for password hashes can help detect exploitation attempts. [1]
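The two server-side checks described above, as an added example in Python that is not code from this page or from Intelbras: a heuristic that inspects a captured /v1/operador/ response body for credential material (by field name and by hash-like value shape), and a scanner that picks successful GET reads of the operator listing out of a Combined Log Format access log. The JSON field names, the hash formats, and the log lines are constructed assumptions; InControl's real schema, hash format, and log layout are not documented on this page.

```python
import json
import re
from typing import Any, Dict, Iterable, List, Tuple

# Field names that commonly carry credential material. Assumed for illustration;
# the page does not document InControl's actual JSON field names.
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "hash", "password_hash", "senha"}

# Shapes of common stored-password formats. A match is a heuristic, not proof.
HASH_PATTERNS = [
    re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$"),                 # bcrypt
    re.compile(r"^\$(?:1|5|6)\$[^$]+\$[./A-Za-z0-9]+$"),                  # crypt(3) MD5/SHA-crypt
    re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$"),  # MD5/SHA-1/SHA-256 hex
]


def _leaves(obj: Any, path: str = "") -> Iterable[Tuple[str, str, Any]]:
    """Yield (json_path, field_name, value) for every scalar in a nested JSON document."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from _leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from _leaves(value, f"{path}[{index}]")
    else:
        field = re.sub(r"\[\d+\]$", "", path.rsplit(".", 1)[-1])
        yield path, field, obj


def find_credential_leaks(body: str) -> List[Dict[str, str]]:
    """Flag string leaves of a response body that look like credentials, by name or by shape."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return []
    hits = []
    for path, field, value in _leaves(data):
        if not isinstance(value, str):
            continue
        by_name = field.lower() in CREDENTIAL_FIELDS
        by_shape = any(p.match(value) for p in HASH_PATTERNS)
        if by_name or by_shape:
            hits.append({"path": path, "reason": "field name" if by_name else "hash-like value"})
    return hits


# Combined Log Format as written by Apache/nginx style front ends (assumed log shape).
ACCESS_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return successful GETs of the operator listing itself (not of a single /v1/operador/<id>)."""
    hits = []
    for line in lines:
        m = ACCESS_LOG_RE.match(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0].rstrip("/")
        if m["method"] == "GET" and path == "/v1/operador" and m["status"] == "200":
            hits.append({"src": m["src"], "ts": m["ts"], "bytes": m["bytes"]})
    return hits


# Constructed sample response: one hash caught by field name, one by value shape.
SAMPLE_RESPONSE = json.dumps({"operadores": [
    {"id": 1, "login": "admin",
     "senha": "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"},
    {"id": 2, "login": "portaria",
     "credencial": "5f4dcc3b5aa765d61d8327deb882cf99"},
]})

# Constructed sample access log: one listing read, one single-record read, one denied attempt.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Aug/2025:10:01:02 -0300] "GET /v1/operador/ HTTP/1.1" 200 4821 "-" "curl/8.5.0"
10.0.0.5 - - [04/Aug/2025:10:01:09 -0300] "GET /v1/operador/12 HTTP/1.1" 200 312 "-" "curl/8.5.0"
10.0.0.9 - - [04/Aug/2025:10:02:40 -0300] "GET /v1/operador/ HTTP/1.1" 403 0 "-" "Mozilla/5.0"
10.0.0.7 - - [04/Aug/2025:10:03:11 -0300] "POST /v1/login HTTP/1.1" 200 118 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for hit in find_credential_leaks(SAMPLE_RESPONSE):
        print("leak:", hit["path"], "(" + hit["reason"] + ")")
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print("listing read:", hit["src"], hit["ts"], hit["bytes"], "bytes")
```

The response check is deliberately two-pronged: field-name matching catches the obvious cases, and the shape patterns catch a hash stored under a name nobody anticipated. The log scanner only fires on the listing URL with a 200 status, so a single-record read or a denied request does not count as exposure.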


What immediate steps should I take to mitigate this vulnerability?

The immediate recommended step is to upgrade Intelbras InControl to a version that fixes this issue; this page does not identify the fixed version, so confirm it with the vendor. Until the upgrade is applied: restrict access to the /v1/operador/ endpoint by enforcing role-based access control so that only administrative roles can list operators, and make sure the listing never returns password hashes regardless of the caller's role; limit network exposure of the service, for example by placing it behind a reverse proxy or VPN and allowing only trusted source addresses; and monitor and block unauthorized GET requests to this endpoint. Because the exploit is public and the impact is exposure of password hashes, rotating the passwords of accounts whose hashes may already have been read is also prudent. [2]
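One way to implement the access-control and output-minimisation fixes described above, as an added example that is not InControl's code: the listing behaviour the advisory describes beside a hardened handler that checks the caller's role before enumerating operators and serialises only an allowlist of fields, so the password hash cannot leave the server even for an administrator. The in-memory table, the field names ("login", "perfil", "senha"), the role names, and the (status, body) return shape are constructed assumptions; the caller identity is taken as already established from a verified session token.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed in-memory operator table standing in for InControl's user store.
# Field names ("login", "perfil", "senha") are assumptions for illustration,
# not the product's real schema. The hashes are bcrypt-shaped placeholders.
OPERATORS: List[Dict] = [
    {"id": 1, "login": "admin", "perfil": "administrador",
     "senha": "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"},
    {"id": 2, "login": "portaria", "perfil": "operador",
     "senha": "$2a$10$wdLQgj0Fnsf5Swzef8iv4eJsD2w6q6xvOOnc1ECMvX5AGV5yt0fka"},
]

# Deny by default: only roles named here may enumerate operators (assumed role names).
ROLES_ALLOWED_TO_LIST = {"administrador"}

# Allowlist of fields that may ever be serialised, whatever the caller's role.
# Anything not listed, the password hash above all, never leaves the server.
PUBLIC_FIELDS = ("id", "login", "perfil")


@dataclass(frozen=True)
class Caller:
    """Identity already established from a verified session token (assumed)."""
    login: str
    perfil: str


def get_operador_vulnerable(caller: Caller) -> Tuple[int, str]:
    """Behaviour the advisory describes: any authenticated caller gets every row, hashes included."""
    return 200, json.dumps({"operadores": OPERATORS})


def get_operador_hardened(caller: Caller) -> Tuple[int, str]:
    """Two independent fixes: a role check on the endpoint, then an allowlist projection of the rows."""
    if caller.perfil not in ROLES_ALLOWED_TO_LIST:
        # Reject before touching the data, and do not echo why in detail.
        return 403, json.dumps({"erro": "acesso negado"})
    rows = [{field: op[field] for field in PUBLIC_FIELDS} for op in OPERATORS]
    return 200, json.dumps({"operadores": rows})


if __name__ == "__main__":
    low = Caller(login="portaria", perfil="operador")
    adm = Caller(login="admin", perfil="administrador")
    for name, handler in (("vulnerable", get_operador_vulnerable), ("hardened", get_operador_hardened)):
        for who in (low, adm):
            status, body = handler(who)
            print(f"{name:10} {who.login:9} -> {status} hash present: {'senha' in body}")
```

The two layers are intentionally independent: the role check stops the low-privilege read the advisory describes, and the field allowlist means that even a future bug in the role check, or a legitimate administrator call, never serialises the hash column.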

