PT-2025-47440 · Shelly · Shelly 4Pm Pro
Published: 2025-11-19 · Updated: 2025-11-21 · CVE-2025-11243
CVSS v4.0: 8.3 (High)
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
Name of the Vulnerable Software and Affected Versions
Shelly Pro 4PM versions prior to 1.6
Description
A flaw exists in Shelly Pro 4PM that allows for excessive resource allocation through the network. This can lead to a denial of service due to resource exhaustion. Unauthenticated attackers can exploit this issue.
Recommendations
Update to firmware version 1.6 or later.
Restrict network access to the device.
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Shelly 4Pm Pro