Infoblox NETMRI - Authentication Bypass (CVE-2025-32815)
148Exploiting IPs reported
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
CrowdSec analysis
CVE-2025-32815 is an authentication bypass vulnerability in Infoblox NETMRI versions prior to 7.6.1, allows attackers to exploit hardcoded credentials to gain unauthorized access. Such a flaw could enable threat actors to bypass normal authentication mechanisms, potentially leading to full system compromise or unauthorized manipulation of network management functions.
CrowdSec has been tracking this vulnerability and its exploits since 16th of July 2025.
CrowdSec network observations suggest that most exploitation of CVE-2025-32815 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2025-32815 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2025-32815 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.
Attackers exploit authentication bypass by sending crafted requests to /netmri/common/SetRawCookie.tdf with hardcoded credentials, or attempt to access sensitive files like /etc/shadow via /visual/ViewerFileServlet.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.