Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). An attacker can use these APIs to get access to all system settings, modify the configuration and execute some commands (e.g., system reboot).

Published: Jul 9, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-3498
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.9
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

CWEs:

CWE-306

Affected Software
References

No affected software listed.

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-3498

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo