CVE-2025-0657
BaseFortify

Publication date: 2025-11-27

Last updated on: 2025-11-27

Assigner: Carrier Global Corporation

Description
A weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380 allows malformed packets to be sent through the BACnet MS/TP network, causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.

Meta Information
Published: 2025-11-27
Last Modified: 2025-11-27
Generated: 2026-06-16
AI Q&A: 2025-11-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products (1 associated CPE)
Vendor: carrier
Product: i-vu_gen5_router
Version / Range: *

CWE
CWE-129: The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-248: An exception is thrown from a function, but it is not caught.

Executive Summary

This vulnerability is a weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380. It allows malformed packets to be sent through the BACnet MS/TP network, which causes the affected devices to enter a fault state. Once in this fault state, the devices become non-responsive on the network and require a manual power cycle to restore network visibility.

Impact Analysis

The impact of this vulnerability is that an attacker can send malformed packets to the affected devices, causing them to enter a fault state and become unreachable on the network. This disrupts normal device operation and network communication until a manual power cycle is performed, potentially causing downtime or loss of control over the devices.

Mitigation Strategies

To mitigate this vulnerability, immediately monitor devices for fault states caused by malformed BACnet MS/TP packets and perform manual power cycles to restore network visibility. Additionally, restrict or filter BACnet MS/TP traffic to prevent malformed packets from reaching affected devices until a patch or update is available.
