Critical authentication bypass flaw reported in Instantel Micromate industrial monitoring devices
Take action: If you use Instantel Micromate devices make sure they are isolated from the internet. Scans say that over 1,000 of these devices are currently exposed online. Then plan a quick update to latest version since they can be completely taken over without authentication.
Learn More
Instantel's Micromate industrial monitoring system, is reported to contain an authentication bypass vulnerability that allows unauthenticated attackers to execute arbitrary commands on affected devices.
Instantel Micromate devices are industrial monitoring equipment designed to record vibration, noise, and air overpressure measurements for mining operations, tunneling projects, bridge monitoring, construction activities, and environmental safety assessments.
The flaw is tracked as CVE-2025-1907 (CVSS score 9.3) - Missing Authentication for Critical Function. Lack of authentication controls on a configuration port used for device management. It enables remote attackers to gain full control over monitoring equipment.
The vulnerability affects all versions of Micromate prior to 11.0BD and 11.0CB. Security researcher Souvik Kandar of MicroSec, who discovered and reported the vulnerability to CISA, has identified over 1,000 internet-exposed Micromate devices worldwide that could be vulnerable to remote attacks.
Instantel has released security updates to fix authentication bypass vulnerability. The patches are available for download from Instantel's official website and should be applied to all deployed Micromate systems. The company has also provided additional security recommendations including establishing and maintaining approved IP address lists for modem access to help prevent unauthorized connections to vulnerable devices.
