Advisory

Critical authentication bypass in Güralp Systems seismic monitoring devices

Take action: Make sure all Güralp devices are isolated from the internet and accessible from trusted networks only. Review the patch, and consult with the vendor since it's still experimental. At minimum, isolate all systems from the internet, then wait for the final patch.



Güralp Systems, a United Kingdom-based manufacturer, reports a critical security flaw affecting its seismic monitoring and digitizing hardware. 

The vulnerability is tracked as CVE-2025-8286 (CVSS score 9.8): missing authentication for critical functions in Güralp FMUS and MIN series devices, exposed via the Telnet-based command line. It allows remote takeover and data manipulation.

Remote attackers can exploit this lack of access control to modify hardware configurations, manipulate sensitive seismic data, or initiate a factory reset. 

For Minimus-based products (including Fortimus and Certimus), Güralp has released experimental firmware release v2.1-29897 that adds authentication for Telnet access. Since the patch is an experimental release, users should evaluate it in line with their operational and security requirements before upgrading. If users have any questions, they are encouraged to contact support@guralp.com.

CISA and Güralp Systems recommend that all control system devices be isolated from the internet and placed behind firewalls. If remote management is required, administrators should use a Virtual Private Network (VPN) to create a secure tunnel, though they must also keep the VPN software updated to prevent secondary exploits.
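
One way to check that the isolation recommended above actually holds is to review firewall or flow logs for Telnet sessions that reach the devices from outside the trusted networks. The following is an added example, not code from Güralp or CISA; the flow-record format, the addresses, the function name and the use of Telnet's default TCP port 23 are assumptions.

```python
import ipaddress

# Assumptions (not from the advisory): Telnet on its default TCP port 23,
# and a simple "src dst dport action" flow-record format.
TELNET_PORT = 23

# Constructed sample data: RFC 5737 / RFC 1918 addresses, not real devices.
DEVICES = {"10.20.0.11", "10.20.0.12"}
TRUSTED_NETS = ["10.20.0.0/24", "10.99.0.0/24"]  # station LAN, VPN pool
SAMPLE_FLOWS = """\
10.99.0.5 10.20.0.11 23 ACCEPT
203.0.113.7 10.20.0.11 23 ACCEPT
198.51.100.9 10.20.0.12 23 DROP
10.20.0.30 10.20.0.12 443 ACCEPT
203.0.113.7 10.20.0.50 23 ACCEPT
garbage line
"""


def untrusted_telnet(flow_text, devices, trusted_nets, port=TELNET_PORT):
    """Return (accepted, blocked) Telnet flows to devices from untrusted sources."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    device_ips = {ipaddress.ip_address(d) for d in devices}
    accepted, blocked = [], []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            dport = int(fields[2])
        except ValueError:
            continue
        if dst not in device_ips or dport != port:
            continue  # not Telnet to an inventoried device
        if any(src in net for net in nets):
            continue  # management traffic from a trusted network
        record = (str(src), str(dst))
        (accepted if fields[3].upper() == "ACCEPT" else blocked).append(record)
    return accepted, blocked


if __name__ == "__main__":
    accepted, blocked = untrusted_telnet(SAMPLE_FLOWS, DEVICES, TRUSTED_NETS)
    for src, dst in accepted:
        print(f"ALERT  telnet reached {dst} from untrusted {src}")
    for src, dst in blocked:
        print(f"info   firewall blocked telnet to {dst} from {src}")
```

Any entry in the accepted list means a device's Telnet interface was reachable from outside the trusted networks and the firewall rules need correcting; blocked entries show the rules working.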
