CVE-2025-4994 | The SafeLine SL6 and SL6+ devices integrated into elevator e… | CVSS 8.7 HIGH

Description

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

Metadata

CVE ID: CVE-2025-4994
State: PUBLISHED
Assigner: SCHUTZWERK
Reserved: 2025-05-20 08:40 UTC
Published: 2026-06-22 08:10 UTC
Last updated: 2026-06-22 12:25 UTC
Primary CWE: CWE-305
CWE-305 Authentication bypass by primary weakness
Vendor / Product: SafeLine / SafeLine SL6/SL6+
Sources: cve.org · NVD

Severity & Metrics

8.7 HIGH CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
SafeLine	SafeLine SL6/SL6+	—	4.82 < 4.97

Weakness (CWE)

CWE	Source	Description
CWE-305	cna	CWE-305 Authentication bypass by primary weakness

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.7	HIGH	4.0	cna	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://www.schutzwerk.com/en/blog/schutzwerk-sa-2025-001/