Week 28 – Critical vulnerability in OT environment

07 – 13 July 2025
OT environments power the things that keep our world turning, from factories to critical infrastructure such as power plants. As one can imagine, the security of such systems is paramount. However, they pose very different challenges from traditional IT networks. As the operator of an OT network, you are faced with legacy systems, obscure protocols and, of course, grave consequences if anything goes wrong.
Radiflow is a company that aims to ease this burden by offering a line of products tailor-made for OT network monitoring and security visibility. The iSAP Smart Collector is a crucial element in Radiflow’s ecosystem, capturing packets from port mirrors, then forwarding them to a central server.
Today, this little device made its way to our CVE of the Week series, with a critical vulnerability tagged as CVE-2025-3499.
While few details are available at the time of writing, it is known that two unauthenticated APIs are exposed to the management network, listening on TCP ports 8084 and 8086. The missing authentication is bad enough by itself, but these endpoints are also vulnerable to command injection, enabling a remote attacker to execute arbitrary commands on the device.
The situation is worsened by the fact that the underlying operating system, CentOS 7, has reached End-of-Life status, meaning that the device no longer receives critical security updates for the platform its functionality is built on.
Both weaknesses affect all Smart Collector devices from version 1.20 up to 3.02-1, the release that fixed these issues. To stay protected, ensure that none of your OT monitoring devices are running an affected version and, of course, restrict access to the management network, following the principle of least privilege.
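The version check above is easy to get wrong when a release suffix like "-1" is involved. The following added example (not Radiflow's code, nor part of the original post) flags Smart Collector entries in a constructed asset inventory whose version lies in the affected range 1.20 <= v < 3.02-1; the hostnames are made up, and the assumption that versions are dotted integers with an optional "-N" release suffix is ours, not the advisory's.

```python
import re
from typing import NamedTuple

# Range boundaries quoted in the advisory: AFFECTED_FROM inclusive, FIXED_IN exclusive.
AFFECTED_FROM = "1.20"
FIXED_IN = "3.02-1"

# Assumed scheme: dotted integers, optional "-N" package release suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+))?$")


class Asset(NamedTuple):
    host: str
    product: str
    version: str


def parse_version(text: str) -> tuple:
    """Turn '3.02-1' into (3, 2, 0, 1): three dotted components, then release.

    A missing release suffix counts as 0, so '3.02' sorts below '3.02-1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))          # pad so tuples have equal length
    return tuple(parts[:3]) + (int(m.group(2) or 0),)


def is_affected(version: str) -> bool:
    """True when AFFECTED_FROM <= version < FIXED_IN under the scheme above."""
    return parse_version(AFFECTED_FROM) <= parse_version(version) < parse_version(FIXED_IN)


def find_affected(inventory: list) -> list:
    """Hosts running a Smart Collector build inside the affected range."""
    return [a.host for a in inventory
            if "smart collector" in a.product.lower() and is_affected(a.version)]


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    Asset("isap-plant-a", "Radiflow iSAP Smart Collector", "2.10"),
    Asset("isap-plant-b", "Radiflow iSAP Smart Collector", "3.02"),
    Asset("isap-plant-c", "Radiflow iSAP Smart Collector", "3.02-1"),
    Asset("isap-lab", "Radiflow iSAP Smart Collector", "1.19"),
    Asset("hmi-01", "Generic HMI", "2.10"),
]

if __name__ == "__main__":
    for host in find_affected(SAMPLE_INVENTORY):
        print(f"{host}: affected build, upgrade to {FIXED_IN} and restrict management access")
```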
NIST advisory: https://nvd.nist.gov/vuln/detail/cve-2025-5622#
Radiflow product page: https://www.radiflow.com/products/isap/

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.