A newly discovered vulnerability in Western Telematic products, designated as CVE-2025-0630, poses significant risks to critical infrastructure systems. This Local File Inclusion (LFI) vulnerability could allow attackers to access sensitive files and potentially execute arbitrary code on affected devices.

What is CVE-2025-0630?

CVE-2025-0630 is a critical security flaw affecting multiple Western Telematic products, including their popular IP power switches and serial console servers. The vulnerability stems from improper input validation in web interface components, allowing attackers to manipulate file paths and access restricted system files.

Affected Products

  • WTI IPS-800 series power switches
  • WTI MPC series console servers
  • WTI VMR series remote management devices
  • All firmware versions prior to 5.2.7

Technical Analysis

The vulnerability (CVSS score: 9.1) enables:
- Unauthorized file system access
- Potential credential theft
- System configuration manipulation
- Possible remote code execution

Attack vectors typically involve specially crafted HTTP requests to the web management interface. Security researchers have confirmed proof-of-concept exploits in controlled environments.

Mitigation Strategies

Western Telematic has released firmware updates addressing this vulnerability. Organizations should:
1. Immediately update to firmware version 5.2.7 or later
2. Restrict network access to management interfaces
3. Implement web application firewalls with LFI protection rules
4. Monitor for unusual file access patterns

Impact on Critical Infrastructure

Given Western Telematic's widespread use in:
- Power utilities
- Telecommunications
- Industrial control systems
This vulnerability presents substantial risks to operational technology environments. Successful exploitation could lead to:
- Unauthorized device control
- Service disruption
- Data exfiltration

Detection and Response

Security teams should look for:
- Unusual file access logs in web server components
- Multiple failed LFI attempts
- Unexpected system file modifications

Long-term Security Considerations

This incident highlights the need for:
- Regular firmware updates
- Network segmentation for management interfaces
- Comprehensive vulnerability management programs
- Supplier security assessments

Western Telematic has established a security advisory page with detailed remediation instructions. Organizations using affected products should treat this as a high-priority security issue.