CVE-2025-0681

Published Jan 30, 2025

Last updated 23 days ago

CVSS medium 6.9

Overview

Description
The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
6.2
Impact score
3.6
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

ics-cert@hq.dhs.gov
CWE-155

Social media

Hype score
Not currently trending

  1. CVE-2025-0681 The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the se… https://t.co/NvDzQgG4wu

    @CVEnew

    30 Jan 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References