SecuriTricks - CVE-2025-4994

Description

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

Product(s) Impacted

Vendor	Product	Versions
Safeline	Safeline Sl6 Safeline Sl6+	* *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-305

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	safeline	safeline_sl6	/	/	/	/	/	/	/	/
a	safeline	safeline_sl6+	/	/	/	/	/	/	/	/

References

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2025-001/

CVSS Score

8.7 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: NONE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: June 22, 2026, 10:16 a.m.
Last Modified: June 22, 2026, 7:49 p.m.

Status : Deferred

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

23637b5d-af4c-4cf9-b8f6-deb7fd0f8423

CVE-2025-4994