CVE-2025-35021

Name of the Vulnerable Software and Affected Versions Abilis CPX (affected versions not specified)

Description An attacker can gain access to a restricted shell on an unconfigured Abilis CPX device by repeatedly failing to authenticate via SSH. Specifically, after three unsuccessful authentication attempts, a fourth attempt allows login and enables connection relaying. This occurs because the device does not properly handle repeated failed login attempts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.