cve 2025 11243
About this tag
CVE-2025-11243 is a high-severity vulnerability affecting the Shelly Pro 4PM smart relay device. A malformed JSON request sent to the device's RPC endpoints can cause the internal JSON parser to over-allocate memory, triggering a reboot and resulting in a denial-of-service (DoS) condition. CISA's advisory assigns a CVSS v4 base score of 8.3, with an attack vector of adjacent network and low attack complexity. Mitigations include applying firmware updates and implementing defensive network measures. This tag covers discussions on the vulnerability, its impact, and recommended steps to secure affected Shelly Pro 4PM units.
The recently published advisory for the Shelly Pro 4PM — tracked as CVE‑2025‑11243 — warns that a malformed JSON request to the device’s RPC endpoints can cause the internal JSON parser to over‑allocate memory, trigger a reboot, and produce a denial‑of‑service (DoS) condition; CISA’s advisory...