A vulnerability exists in serial device servers where...
High severity
Unreviewed
Published
Dec 31, 2025
to the GitHub Advisory Database
•
Updated Dec 31, 2025
Description
Published by the National Vulnerability Database
Dec 31, 2025
Published to the GitHub Advisory Database
Dec 31, 2025
Last updated
Dec 31, 2025
A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access to internal debug functionality. Exploitation is low complexity and allows an attacker to execute privileged operations and access sensitive system resources, resulting in a high impact to the confidentiality, integrity, and availability of the affected device. No security impact to external or dependent systems has been identified.
References