Detections
Analytics
CVE-2025-52545
high
Description
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services.
References
Details
Published: 2025-09-02
Updated: 2025-10-01
Named Vulnerability: Frostbyte10
Risk Information
CVSS v2
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
Severity: High
CVSS v3
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: High
CVSS v4
Base Score: 7.7
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:L/SA:L
Severity: High
EPSS
EPSS: 0.00042