What is CVE-2025-8284 and how severe is it?

CVE-2025-8284 has a CVSS score of 9.3, making it critically severe. It's classified as Missing Authentication for Critical Function, with no authentication controls in the web interface that allows unauthorized remote attackers to gain full access to device monitoring and control functions.

What can attackers do if they exploit the Packet Power vulnerability?

The authentication bypass allows unauthorized attackers to gain complete control over power monitoring and management functions. Attackers can access device monitoring and control functions without any authentication, potentially disrupting critical power management operations.

What should organizations using Packet Power EMX and EG systems do immediately?

Organizations should immediately update all EMX and EG devices to version 4.1.0 or later. Additionally, they should isolate devices whenever possible and implement network-level access controls to prevent unauthorized access to these critical power monitoring systems.

What additional security measures does Packet Power recommend?

Packet Power advises isolating devices whenever possible and implementing network-level access controls to prevent unauthorized access. These measures provide additional layers of security beyond the software patches to protect against potential exploitation.

What type of authentication flaw exists in Packet Power's systems?

The flaw is classified as Missing Authentication for Critical Function, meaning there are no authentication controls in the web interface. This allows unauthorized remote attackers to gain full access to device monitoring and control functions without providing any credentials.

Should organizations isolate their Packet Power devices from networks?

Yes, Packet Power specifically advises isolating devices whenever possible and implementing network-level access controls. Network isolation is an important security measure that can help prevent unauthorized access to these critical power monitoring systems, especially while organizations are applying security updates.

Advisory

Authentication bypass flaw reported in Packet Power Infrastructure Monitoring devices

Q: Has Packet Power released patches for this critical vulnerability?

Yes, Packet Power has released security updates in version 4.1.0 and later that fixed the authentication bypass vulnerability. The company strongly recommends that organizations immediately update all EMX and EG devices to version 4.1.0 or later.

Q: What are EMX and EG systems and why are they important?

EMX (Energy Management System) and EG (Ethernet Gateway) are Packet Power's industrial monitoring systems used for power monitoring and management functions. These systems are critical for managing electrical infrastructure in industrial and commercial environments.

Q: Why is this authentication bypass vulnerability particularly dangerous?

This vulnerability is particularly dangerous because it affects critical power monitoring and management systems, and there are no authentication controls in the web interface. Attackers can gain complete control without any credentials, potentially disrupting essential power infrastructure operations.

published: Aug. 8, 2025

Take action: If you use Packet Power EMX or EG devices make sure they are isolated from the internet and accesible only fro trusted networks. Then plan a quick update them to version 4.1.0 or later to fix a critical authentication bypass that lets attackers take complete control of your power monitoring systems without any credentials.

Learn More

Packet Power's EMX and EG industrial monitoring systems are reported to be vulerable to authentication bypass that allows unauthorized attackers to gain complete control over power monitoring and management functions.

The flaw is tracked as CVE-2025-8284 (CVSS score 9.3)- Missing Authentication for Critical Function (CVSS score 9.3): No authentication controls in the web interface that allows unauthorized remote attackers to gain full access to device monitoring and control functions.

The vulnerability affects all versions of Packet Power's EMX (Energy Management System) and EG (Ethernet Gateway) products prior to version 4.1.0,

Security researchers Anthony Rose and Jacob Krasnov of BC Security discovered and reported the authentication bypass vulnerability to CISA.

Packet Power has released security updates in version 4.1.0 and later that fixed the authentication bypass vulnerability. The company strongly recommends that organizations immediately update all EMX and EG devices to version 4.1.0 or later. Additionally, Packet Power advises isolating devices whenever possible and implementing network-level access controls to prevent unauthorized access.

Authentication bypass flaw reported in Packet Power Infrastructure Monitoring devices

Read More
Emerson fixes critical issues in Rosemount Gas Chromatograph
Multiple vulnerabilities reported in Tridium Niagara Framework
Unpatched command Injection flaw reported in Trendnet TEW-713RE …
Vulnerabilities discovered in high-power Bosch network connected torque …
Schneider Electric Patches Critical Redis Vulnerabilities in Plant …