CVE-2025-48461

MEDIUM

Unspecified - Info Disclosure

Title source: llm

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords.

Exploits (1)

nomisec WRITEUP

by joelczk · poc

https://github.com/joelczk/CVE-2025-48461

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-061/

Scores

CVSS v3 5.0

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-341

Status published

Products (3)

advantech/wise-4010lan_firmware

advantech/wise-4050lan_firmware

advantech/wise-4060lan_firmware

Published Jun 24, 2025

Tracked Since Feb 18, 2026