CVE-2025-13510

Description

The Iskra iHUB and iHUB Lite smart metering gateway exposes its web management interface without requiring authentication, allowing unauthenticated users to access and modify critical device settings.

PUBLISHED Reserved 2025-11-21 | Published 2025-12-02 | Updated 2025-12-02 | Assigner icscert

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Credits

Souvik Kandar finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-336-02 government-resource

cve.org (CVE-2025-13510)

nvd.nist.gov (CVE-2025-13510)