CVE-2025-6521

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.8

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

D

uring the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which may include sensitive information such as network credentials.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02
https://www.trendmakerscares.com/Customer-Service-Hours

Configurations

No configuration.

History

30 Jun 2025, 18:38

Type	Values Removed	Values Added
Summary		(es) Durante la configuración inicial del dispositivo, el usuario se conecta a un punto de acceso transmitido por Sight Bulb Pro. Durante la negociación, las claves de cifrado AES se transmiten en texto plano. Si se capturan, un atacante podría descifrar las comunicaciones entre la aplicación de administración y Sight Bulb Pro, que pueden incluir información confidencial como las credenciales de red.

27 Jun 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-27 17:15

Updated : 2025-06-30 18:38

NVD link : CVE-2025-6521

Mitre link : CVE-2025-6521

CVE.ORG link : CVE-2025-6521

JSON object : View

Products Affected

No product.

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2025-6521", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-27T17:15:35.073", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02", "source": "[email protected]"}, {"url": "https://www.trendmakerscares.com/Customer-Service-Hours", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "During the initial setup of the device the user connects to an access \npoint broadcast by the Sight Bulb Pro. During the negotiation, AES \nEncryption keys are passed in cleartext. If captured, an attacker may be\n able to decrypt communications between the management app and the Sight\n Bulb Pro which may include sensitive information such as network \ncredentials."}, {"lang": "es", "value": "Durante la configuraci\u00f3n inicial del dispositivo, el usuario se conecta a un punto de acceso transmitido por Sight Bulb Pro. Durante la negociaci\u00f3n, las claves de cifrado AES se transmiten en texto plano. Si se capturan, un atacante podr\u00eda descifrar las comunicaciones entre la aplicaci\u00f3n de administraci\u00f3n y Sight Bulb Pro, que pueden incluir informaci\u00f3n confidencial como las credenciales de red."}], "lastModified": "2025-06-30T18:38:23.493", "sourceIdentifier": "[email protected]"}