How severe is CVE-2025-5124?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2025-5124?

This is classified as CWE-1392, which is a common weakness in software security.

CVE-2025-5124 - CRITICAL Severity | CVSS 8.1

Vulnerability Description

A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords".

Related Vulnerabilities

CVE-2023-43844

HIGH

CVSS:8.0(High)

Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log ...

CWE-13922023

CVE-2024-10476

HIGH

CVSS:8.0(High)

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as pro...

CWE-13922024

CVE-2024-39584

HIGH

CVSS:8.2(High)

Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot b...

CWE-13922024

CVE-2024-5245

HIGH

CVSS:7.8(High)

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NE...

CWE-13922024

CVE-2025-22460

HIGH

CVSS:7.8(High)

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

CWE-13922025

CVE-2024-12902

HIGH

CVSS:8.4(High)

ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts u...

CWE-13922024