CVE-2025-34034

HIGH · EXPLOITED

Blue Angel Software Suite - Info Disclosure

Title source: llm

Description

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

Exploits (1)

exploitdb WORKING POC
by Paolo Serracino, Pietro Minniti, Damiano Proietti · python · remote · linux
https://www.exploit-db.com/exploits/46792

Scores

CVSS v3 8.8
EPSS 0.0037
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-06-23
CWE CWE-798
Status published
Products (2)
5VTechnologies/Blue Angel Software Suite
5vtechnologies/blue_angel_software_suite
Published Jun 24, 2025
Tracked Since Feb 18, 2026