CVE-2025-8286

CRITICAL NUCLEI

Güralp Systems FMUS Series - Unauthenticated Access

Title source: nuclei

Description

The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.

Nuclei Templates (1)

Güralp Systems FMUS Series - Unauthenticated Access

CRITICALVERIFIEDby darses

Shodan: "Welcome to " "list of available commands" port:4244

FOFA: "Welcome to " && "list of available commands" && port="4244"

References (1)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-212-01

Scores

CVSS v4 9.3

EPSS 0.0062

EPSS Percentile 70.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

CWE

CWE-306

Status published

Products (2)

Güralp Systems/Güralp FMUS Series All versions

Güralp Systems/MIN Series Devices All versions

Published Jul 31, 2025

Tracked Since Feb 18, 2026