Overview

This report discusses a notable cybersecurity vulnerability labeled as CVE-2025-2403. This security flaw affects Relion 670/650 and SAM600-IO series devices. If exploited, this vulnerability could lead to a denial-of-service attack, causing critical functions in the affected devices to malfunction. This security risk is a serious concern as it has the potential to compromise system integrity or lead to data leakage.

Vulnerability Summary

CVE ID: CVE-2025-2403
Severity: High (CVSS: 7.5)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: A successful exploit could lead to potential system compromise or data leakage.

Affected Products

Product | Affected Versions

Relion 670 Series | All versions
Relion 650 Series | All versions
SAM600-IO series | All versions

How the Exploit Works

The exploit takes advantage of a weakness in the way network traffic is prioritized over the protection mechanism in Relion 670/650 and SAM600-IO series devices. The vulnerability allows a cybercriminal to launch a denial-of-service (DoS) attack, causing critical functions like the Line Distance Communication Module (LDCM) to malfunction. This could potentially lead to system compromise or data leakage.

Conceptual Example Code

Here’s a conceptual example of how the vulnerability might be exploited using a network flooding attack:

#!/bin/bash
for i in {1..5000}
do
echo "Sending malicious packet $i"
echo "malicious_packet" | nc target_device_ip -u -w1
done

This script sends multiple “malicious_packet” to the target device’s IP address, potentially causing it to become overwhelmed and trigger a denial-of-service condition.
Please note that this is a conceptual example and does not contain a real malicious payload. The actual exploitation of this vulnerability would require a deep understanding of the specific device network protocols and the ability to craft malicious network packets that exploit the described vulnerability.