How severe is CVE-2025-1081?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2025-1081?

This is classified as CWE-1391, which is a common weakness in software security.

CVE-2025-1081 - LOW Severity | CVSS 3.1

Vulnerability Description

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2025-32471

LOW

CVSS:3.7(Low)

The device’s passwords have not been adequately salted, making them vulnerable to password extraction attacks.

CWE-13912025

CVE-2023-0635

CRITICAL

CVSS:9.8(Critical)

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Ser...

CWE-13912023

CVE-2023-31240

CRITICAL

CVSS:9.8(Critical)

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through...

CWE-13912023

CVE-2024-1039

CRITICAL

CVSS:9.8(Critical)

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.

CWE-13912024

CVE-2024-12728

CRITICAL

CVSS:9.8(Critical)

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

CWE-13912024

CVE-2024-43698

CRITICAL

CVSS:9.8(Critical)

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.

CWE-13912024