Critical Cybersecurity Flaws in Kaleris Navis N4 Expose Global Ports to Disruption
Two critical vulnerabilities in the widely used Kaleris Navis N4 terminal operating system are placing global port operations and sensitive data at significant risk, prompting a stark warning for the maritime sector. The flaws, identified as CVE-2025-2566 and CVE-2025-5087, could allow attackers to remotely execute code and steal credentials, potentially leading to widespread disruption of the global supply chain.
The Kaleris Navis N4, a product of the U.S.-based technology vendor Kaleris, is a cornerstone of modern terminal operations, streamlining everything from vessel berthing and cargo movement to yard planning and gate processing. Its extensive deployment in major global terminals makes the newly disclosed vulnerabilities a matter of international concern.
The more severe of the two flaws, CVE-2025-2566, is an unsafe Java deserialization vulnerability within the Ultra Light Client (ULC) component of older N4 versions, carrying a critical CVSS score of 9.8 out of 10. This vulnerability could permit an unauthenticated attacker to execute arbitrary code on the server by sending specially crafted requests. Successful exploitation could lead to the installation of malicious software such as ransomware, manipulation of operational data, or a complete disruption of logistics.
The second vulnerability, CVE-2025-5087, involves the cleartext transmission of sensitive information and has been assigned a CVSS score of 5.9. The Navis N4's ULC component transmits zlib-compressed data over HTTP, which makes it possible for attackers on the network to intercept and extract plaintext credentials and other confidential data. This could grant unauthorized access to sensitive port operations and networks.
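Compression is not confidentiality: a zlib stream sent over plain HTTP can be read by anyone who captures it. The check below is an added example, not code from Kaleris or CISA, for auditing HTTP bodies captured on a network you operate; it flags bodies that are zlib streams and reports which credential-like field names appear, never their values. The field names and sample bytes are constructed assumptions, since the ULC message layout is not described here.

```python
import re
import zlib

# Credential-like field names are hypothetical; the real ULC message layout
# is not described on this page.
SENSITIVE = re.compile(rb"(password|passwd|pwd|token|session)\s*[=:]", re.I)

def looks_like_zlib(body: bytes) -> bool:
    """RFC 1950 header check: deflate method, window <= 32 KiB, FCHECK valid."""
    if len(body) < 2:
        return False
    cmf, flg = body[0], body[1]
    return cmf & 0x0F == 8 and cmf >> 4 <= 7 and ((cmf << 8) | flg) % 31 == 0

def audit_body(body: bytes, max_out: int = 1 << 20) -> dict:
    """Classify one HTTP body reassembled from a capture on your own network."""
    finding = {"zlib": False, "readable_bytes": 0, "sensitive_fields": []}
    if not looks_like_zlib(body):
        return finding
    try:
        # max_out caps the output so a hostile stream cannot exhaust memory.
        plain = zlib.decompressobj().decompress(body, max_out)
    except zlib.error:
        return finding  # header matched by chance, or the stream is corrupt
    finding["zlib"] = True
    finding["readable_bytes"] = len(plain)
    # Report field names only; values are never returned or logged.
    names = {m.group(1).decode().lower() for m in SENSITIVE.finditer(plain)}
    finding["sensitive_fields"] = sorted(names)
    return finding

# Constructed samples (not real N4 traffic).
SAMPLE_CLEARTEXT = zlib.compress(b"user=operator1&password=EXAMPLE-ONLY&action=login")
SAMPLE_CORRUPT = b"\x78\x9c" + b"\xff" * 10  # valid header, invalid deflate data
SAMPLE_OPAQUE = bytes.fromhex("1703030020") + bytes(32)  # shaped like a TLS record

if __name__ == "__main__":
    for name, body in [("cleartext", SAMPLE_CLEARTEXT),
                       ("corrupt", SAMPLE_CORRUPT),
                       ("opaque", SAMPLE_OPAQUE)]:
        print(name, audit_body(body))
```

A finding with `zlib` set to true on a production segment means compressed application data is still crossing that segment without TLS.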
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the risks and recommended mitigation measures. Successful exploitation of these vulnerabilities could allow an attacker to remotely compromise the operating system, achieve remote code execution, or extract sensitive information.
Mitigation and Recommendations
Kaleris has addressed the vulnerabilities by releasing patched versions of the Navis N4 software and has sent security advisories to all its customers. The company urges users to upgrade to version 4.0 or newer, which replaces the vulnerable ULC with a more secure HTML-based user interface.
For those unable to immediately update, Kaleris and CISA recommend a series of defensive measures:
- Minimize Network Exposure: Ensure that control system devices and systems are not accessible from the internet.
- Firewall Implementation: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
- Secure Remote Access: When remote access is necessary, use secure methods such as Virtual Private Networks (VPNs).
- Disable Vulnerable Components: If possible, disable the Ultra Light Client endpoint on exposed nodes.
- Implement TLS: Users are required to implement Transport Layer Security (TLS) in their load balancer.
The disclosure of these vulnerabilities serves as a critical reminder of the increasing digital attack surface in the maritime industry and the urgent need for robust cybersecurity measures to protect the global supply chain.