CVE-2025-4994

high

Description

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

References

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2025-001/

http://seclists.org/fulldisclosure/2026/Jul/17

Details

Source: Mitre, NVD

Published: 2026-06-22

Updated: 2026-07-07

Risk Information

CVSS v2

Base Score: 7.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.002