CVE-2025-4687

HIGH

Teltonika Networks RMS <5.7 - Privilege Escalation

Title source: llm

Description

In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7.

References (1)

[Various Sources] https://jowin922.medium.com/cve-2025-4687-pre-account-takeover-through-invite-on-teletonika-rms-website-972335378829

Scores

CVSS v4 7.2

EPSS 0.0024

EPSS Percentile 46.5%

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-288

Status published

Products (1)

Teltonika Networks/RMS < 5.7

Published May 29, 2025

Tracked Since Feb 18, 2026