CVE-2025-41438 | THREATINT

Description

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.

PUBLISHED Reserved 2025-05-15 | Published 2025-05-29 | Updated 2025-05-30 | Assigner icscert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-1188

Product status

Default status

unaffected

All versions

affected

Credits

Andrew Tierney of Pen Test Partners reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-25-148-03

www.consiliumsafety.com/en/support/

cve.org (CVE-2025-41438)

nvd.nist.gov (CVE-2025-41438)

Download JSON