Güralp Systems Fortimus Series, Minimus Series, and Certimus Series

MonitorCVSS 5.3ICS-CERT ICSA-25-350-01Dec 16, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Güralp Systems Fortimus, Minimus, and Certimus Series all versions contain a resource exhaustion vulnerability (CWE-770) that allows an attacker to cause a denial-of-service condition on the affected devices.

What this means

What could happen

An attacker with network access can exhaust resources on affected Güralp seismic monitoring devices, causing them to stop responding and interrupting data collection and monitoring operations.

Who's at risk

Seismic monitoring operators and facilities deploying Güralp Systems Fortimus, Minimus, or Certimus Series seismic sensors and data loggers should be concerned. These devices are deployed in earthquake monitoring networks, research facilities, and critical infrastructure sites. All versions are affected.

How it could be exploited

An attacker on the network sends specially crafted requests to the affected device, exhausting its available resources (memory, processing, connections, or other finite system resources), which causes the device to become unresponsive or crash. The attacker does not need credentials or authentication.

Prerequisites

Network access to the affected Güralp device on its operational port(s)
No authentication required

remotely exploitableno authentication requiredlow complexityno patch availablevendor will not release fix

Exploitability

Unlikely to be exploited — EPSS score 0.2%

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

Minimus Series: vers:all/*All versionsNo fix (EOL)

Fortimus Series: vers:all/*All versionsNo fix (EOL)

Certimus Series: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGPlace affected Güralp devices behind a NAT or VPN firewall to restrict direct inbound network access from untrusted networks

HARDENINGImplement network segmentation to isolate Güralp seismic monitoring devices on a restricted VLAN with ingress filtering rules that block unauthorized traffic

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGDeploy a rate-limiting or traffic-filtering rule on network borders to detect and block resource exhaustion attacks targeting the affected devices

CVEs (1)

CVE-2025-14466

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/96eeff1b-561d-442a-9af0-ea163ec8bd67

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.