CVE-2025-47698

An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.

VectorADJACENT

Published Byics-cert@hq.dhs.gov

Published DateSep 18, 2025, 21:15

Weakness Type (CWE):CWE-319

CVSS Metrics

Base Score

8.6

Vector String

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

ADJACENT

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06

Base Score

HIGH8.6

Weakness Type (CWE):CWE-319

CVSS Metrics

Base Score

8.6

Vector String

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

HIGH

Version

4.0

Attack Vector (AV)

ADJACENT

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

PASSIVE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)