CVE-2025-5095

CRITICAL

Burk Technology ARC Solo - Auth Bypass

Title source: llm

Description

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.

Exploits (1)

nomisec WORKING POC
by TeteuXD2 · poc
https://github.com/TeteuXD2/CVE-2025-5095-POC

References (2)

Scores

CVSS v3 9.8
EPSS 0.0011
EPSS Percentile 28.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-306
Status published
Products (1)
Burk Technology/ARC Solo < 1.0.62
Published Aug 08, 2025
Tracked Since Feb 18, 2026