CVE-2025-28381

Description

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.

PUBLISHED Reserved 2025-03-11 | Published 2025-06-13 | Updated 2025-10-27 | Assigner mitre

References

openc3.com/

visionspace.com/...ment-of-an-open-source-mission-framework/

github.com/OpenC3/cosmos/releases/tag/v6.0.2

github.com/OpenC3/cosmos/pull/1816

github.com/...mmits/cce64c213fd2e6a70e2ccbf3622949fe8f9dcaef

cve.org (CVE-2025-28381)

nvd.nist.gov (CVE-2025-28381)

Download JSON