Vulnerabilities in ATEN International switches patched with the assistance of Positive Technologies experts

Before the vulnerabilities were fixed, attackers could gain maximum system privileges [1]

ATEN International, a manufacturer of IT connectivity and management solutions, has fixed vulnerabilities in its CL57xx series of KVM over IP switches. A KVM device [2] is a computer with a built-in keyboard, monitor, and touchpad in a special case designed for installation in server racks. The security issues were discovered by PT SWARM experts: Natalya Tlyapova, Denis Goryushev, and Dmitry Sklyarov. Three of the vulnerabilities were critical, and two others were classified as high-severity.

According to Mordor Intelligence, ATEN International is one of the top 5 global manufacturers of KVM switches. The company has branches in 18 countries.

KVM over IP switches are used in industrial facilities and data centers for connecting to other computers and servers. Operators can control servers as if working directly at their monitors and keyboards, without requiring any additional software installation on the devices. With KVM switches, server management isn't limited by physical proximity: operators can also connect to KVM devices remotely over the network.

The vulnerabilities (CVE-2025-3710, CVE-2025-3711, CVE-2025-3712, CVE-2025-3713, CVE-2025-3714) have CVSS 3.1 scores from 7.5 to 9.8. Successful exploitation of the three most dangerous vulnerabilities could give the attacker control of the connected servers.

[1] An extensive set of privileges that allows a selected user (for example, an administrator) to perform operations unavailable to regular users, including modifying system parameters, uninstalling software, or otherwise changing system functionality.

[2] KVM stands for "keyboard, video, mouse."

"ATEN CL57xx switches are used for remote access to servers, which means that an attacker could exploit these vulnerabilities simply by sending a message to the device over a local network or the internet. Successful exploitation could give hackers remote access to the devices connected to the KVM port, similar to remote desktop functionality. Further attack vectors would depend on the location of the vulnerable device. If it were connected to an ICS [3], the attacker could potentially disrupt industri...

Natalya Tlyapova, Senior Application Analysis Specialist at Positive Technologies

The vendor was notified of the threat in line with the responsible disclosure policy and has already released software patches (2.0.196) for the entire product line. In addition to patching, Positive Technologies researchers recommend that industrial enterprises prioritize proper network configuration and access management to protect themselves against similar vulnerabilities.

The critical vulnerabilities CVE-2025-3710 (BDU:2025-01795), CVE-2025-3711 (BDU:2025-01809), and CVE-2025-3714 (BDU:2025-05376) were associated with a stack buffer overflow and could result in denial of service or remote code execution. However, according to Positive Technologies experts, the third vulnerability would have been more challenging to exploit successfully as an attacker would also need to leverage CVE-2025-3713 (BDU:2025-01811), which has a CVSS score of 7.5. Similar to CVE-2025-3712 (BDU:2025-01810), which has the same score, this vulnerability involves a heap overflow [4].

For protection against these attacks, you need full visibility into the state of your network infrastructure. It can be provided by behavioral traffic analysis tools like PT Network Attack Discovery, which can detect exploitation attempts, identify security gaps, respond to incidents in real time, and perform retrospective analysis of attacks. Additionally, next-generation firewalls like PT NGFW can further enhance the security of companies. Attempts to exploit these vulnerabilities can also be detected through industrial traffic analysis in PT ISIM, which now contains the required rules and signatures. PT ISIM can also reconstruct the entire attack chain if a hacker successfully exploits these vulnerabilities at any stage.

[3] Industrial Control System.

[4] An attack on a computer program that occurs when data is written beyond the allocated memory in the program's heap. The heap is a data structure used to implement dynamically allocated memory in an application.