The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory about a critical vulnerability—CVE-2025-8286—impacting all versions of Güralp’s FMUS Series seismic monitoring devices. The flaw could allow remote attackers to reconfigure hardware, manipulate seismic data, or even factory reset critical systems—without any form of authentication.
“Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device,” CISA warns.
At the core of this vulnerability is a missing authentication mechanism for a Telnet-based command line interface. This interface is exposed across all versions of Güralp FMUS devices—commonly deployed in seismic monitoring infrastructure critical to earthquake detection, geophysical research, and energy exploration.
“The affected products expose an unauthenticated Telnet-based command line interface,” the advisory states, which gives complete control to any attacker with network access.
The vulnerability has been assigned a CVSS v3 base score of 9.8, categorizing it as critical.
What raises even more concern is Güralp’s lack of cooperation in addressing the issue. According to CISA:
“Güralp did not respond to CISA’s attempts at coordination. Users of Güralp are encouraged to contact Güralp and keep their systems up to date.”
This non-response leaves potentially hundreds of seismic devices unpatched and exposed to attack.
Until a vendor patch becomes available, CISA recommends organizations using Güralp devices take the following defensive actions:
- Minimize network exposure: Ensure the devices are not accessible from the internet.
- Isolate systems: Place control networks and remote devices behind firewalls, separate from business networks.
- Use secure remote access: If remote access is essential, use VPNs—ensuring they are fully patched and monitored.
- Monitor for malicious activity: Report unusual behavior to CISA and follow internal incident response procedures.
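The isolation and monitoring steps above can be checked against firewall or flow logs. Because the Telnet interface has no authentication, any Telnet session to a device from outside the approved management path deserves an alert. The following is an added example, not part of the CISA advisory or any vendor tooling; the log format, subnets, and the use of Telnet's default TCP port 23 are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions (not from the advisory): Telnet on its default TCP port 23 and
# a whitespace-separated "timestamp src dst dport action" flow-log format.
TELNET_PORT = 23
DEVICE_NET = ipaddress.ip_network("10.50.0.0/24")         # constructed: seismic device subnet
ALLOWED_SOURCES = [ipaddress.ip_network("10.99.0.0/28")]  # constructed: VPN / jump-host range

# Constructed sample flow records, including one malformed line.
SAMPLE_LOG = """\
2025-01-01T00:00:01Z 10.99.0.5 10.50.0.11 23 ALLOW
2025-01-01T00:00:07Z 10.20.3.44 10.50.0.11 23 ALLOW
2025-01-01T00:01:12Z 198.51.100.7 10.50.0.12 23 DENY
2025-01-01T00:02:30Z 10.20.3.44 10.50.0.11 443 ALLOW
2025-01-01T00:03:02Z 203.0.113.9 10.50.0.12 23 ALLOW
malformed line
"""

def audit_telnet_flows(log_text):
    """Return findings for Telnet flows to devices from non-approved sources."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if port != TELNET_PORT or dst_ip not in DEVICE_NET:
            continue  # only Telnet traffic to the device subnet is of interest
        if any(src_ip in net for net in ALLOWED_SOURCES):
            continue  # expected management path (VPN / jump host)
        # ALLOW means the session reached the unauthenticated CLI: isolation failed.
        # DENY means the firewall held, but the attempt is still worth reviewing.
        severity = "critical" if action.upper() == "ALLOW" else "warning"
        findings.append({"time": ts, "src": src, "dst": dst, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_telnet_flows(SAMPLE_LOG):
        print(f"{f['severity'].upper():8} {f['time']} {f['src']} -> {f['dst']}:23")
```

A "critical" finding means the firewall rules do not yet enforce the isolation CISA recommends and the device configuration should be reviewed.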