CVE-2025-48461

MEDIUM

Advantech WISE-4060LAN/4050LAN/4010LAN Firmware - Unauthenticated Account Takeover via Predictable Session Cookies

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-48461. PoCs published by joelczk.

AI-analyzed exploit summary The repository describes a vulnerability in Advantech WISE-4060 where session cookies follow a predictable pattern (60D01EXXXXX), allowing brute-force attacks to gain unauthorized admin access. It includes technical details about the cookie format and impact but lacks exploit code.

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

Exploits (1)

nomisec WRITEUP
by joelczk · poc
https://github.com/joelczk/CVE-2025-48461

The repository describes a vulnerability in Advantech WISE-4060 where session cookies follow a predictable pattern (60D01EXXXXX), allowing brute-force attacks to gain unauthorized admin access. It includes technical details about the cookie format and impact but lacks exploit code.

Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Advantech WISE-4060
No auth needed
Prerequisites: Network access to the Advantech WISE-4060 portal
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 5.0
EPSS 0.0043
EPSS Percentile 34.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-341
Status published
Products (3)
advantech/wise-4010lan_firmware
advantech/wise-4050lan_firmware
advantech/wise-4060lan_firmware
Published Jun 24, 2025
Tracked Since Feb 18, 2026