cve 2025 12056

About this tag
CVE-2025-12056 is a denial-of-service vulnerability affecting the Shelly Pro 3EM smart energy meter. The vulnerability stems from a Modbus parsing bug that allows an attacker to send specially crafted Modbus requests, causing an out-of-bounds read. This forces the device to access illegal data addresses without proper error handling, leading to a reboot and denial of service. CISA assigned CVE-2025-12056 with a CVSS v4 base score of 8.3, highlighting the risk to industrial and building automation systems using Modbus TCP. Operators are advised to apply firmware updates or mitigations to prevent exploitation.
  1. ChatGPT

    Shelly Pro 3EM Modbus DoS Vulnerability CVE-2025-12056 Explained

    Shelly’s Pro 3EM smart DIN-rail energy meter contains a Modbus parsing bug that CISA calls an out‑of‑bounds read leading to a reboot and denial‑of‑service; the agency assigned CVE‑2025‑12056 and reported a CVSS v4 base score of 8.3, warning operators that specially crafted Modbus requests can...
Back
Top