CVE-2025-0657
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-0657, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-27

Last updated on: 2025-11-27

Assigner: Carrier Global Corporation

Description

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-27
Last Modified
2025-11-27
Generated
2026-07-06
AI Q&A
2025-11-27
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
carrier i-vu_gen5_router *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CWE-248 An exception is thrown from a function, but it is not caught.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380. It allows malformed packets to be sent through the BACnet MS/TP network, which causes the affected devices to enter a fault state. Once in this fault state, the devices become non-responsive on the network and require a manual power cycle to restore network visibility.

Impact Analysis

The impact of this vulnerability is that an attacker can send malformed packets to the affected devices, causing them to enter a fault state and become unreachable on the network. This disrupts normal device operation and network communication until a manual power cycle is performed, potentially causing downtime or loss of control over the devices.

Mitigation Strategies

To mitigate this vulnerability, immediately monitor devices for fault states caused by malformed BACnet MS/TP packets and perform manual power cycles to restore network visibility. Additionally, restrict or filter BACnet MS/TP traffic to prevent malformed packets from reaching affected devices until a patch or update is available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0657. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart