shelly pro 4pm
About this tag
The Shelly Pro 4PM is a smart relay device that has been affected by a denial-of-service vulnerability tracked as CVE-2025-11243. A malformed JSON request to the device's RPC endpoints can cause memory over-allocation, leading to a reboot and DoS condition. CISA's advisory assigns a high availability impact with a CVSS v4 base score of 8.3. Mitigations include network segmentation, restricting access to trusted hosts, and applying the latest firmware update. Discussions on WindowsForum.com focus on these security measures and the importance of keeping the Shelly Pro 4PM firmware up to date to prevent exploitation.
The recently published advisory for the Shelly Pro 4PM — tracked as CVE‑2025‑11243 — warns that a malformed JSON request to the device’s RPC endpoints can cause the internal JSON parser to over‑allocate memory, trigger a reboot, and produce a denial‑of‑service (DoS) condition; CISA’s advisory...