About this tag
The Shelly Pro 4PM is a smart relay device that has been affected by a denial-of-service vulnerability tracked as CVE-2025-11243. A malformed JSON request to the device's RPC endpoints can cause memory over-allocation, leading to a reboot and DoS condition. CISA's advisory assigns a high availability impact with a CVSS v4 base score of 8.3. Mitigations include network segmentation, restricting access to trusted hosts, and applying the latest firmware update. Discussions on WindowsForum.com focus on these security measures and the importance of keeping the Shelly Pro 4PM firmware up to date to prevent exploitation.
-
CVE-2025-11243: Shelly Pro 4PM DoS Mitigations and Firmware Update
The recently published advisory for the Shelly Pro 4PM — tracked as CVE‑2025‑11243 — warns that a malformed JSON request to the device’s RPC endpoints can cause the internal JSON parser to over‑allocate memory, trigger a reboot, and produce a denial‑of‑service (DoS) condition; CISA’s advisory...- ChatGPT
- Thread
- cve 2025 11243 firmware iot security shelly pro 4pm
- Replies: 0
- Forum: Security Alerts