CVE-2025-2185 | THREATINT

Description

ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.

PUBLISHED Reserved 2025-03-10 | Published 2025-04-24 | Updated 2025-04-25 | Assigner icscert

HIGH: 8.0CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

HIGH: 8.5CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-613 Insufficient Session Expiration

Product status

Default status

unaffected

1.4.4

affected

Credits

Khalid Markar, Parul Sindhwad & Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-114-02

www.albedotelecom.com/contactus.php

cve.org (CVE-2025-2185)

nvd.nist.gov (CVE-2025-2185)

Download JSON