github - ghsa-wj97-j26v-v8wp

ghsa-wj97-j26v-v8wp

Vulnerability from github

Published

2025-07-24 21:30

Modified

2025-07-24 21:30

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Details

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-6260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-24T21:15:52Z",
    "severity": "CRITICAL"
  },
  "details": "The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat\u0027s embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.",
  "id": "GHSA-wj97-j26v-v8wp",
  "modified": "2025-07-24T21:30:39Z",
  "published": "2025-07-24T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6260"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-6260 (GCVE-0-2025-6260)

Vulnerability from cvelistv5

Published

2025-07-24 20:53

Modified

2025-07-25 13:31

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-306 - Missing Authentication for Critical Function

Summary

References

▼	URL	Tags
	https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02

Impacted products

	Vendor	Product	Version
	Network Thermostat	X-Series WiFi thermostats	Version: v4.5 < 4.6 Version: v9.6 < v9.46 Version: v10.1 < v10.29 Version: v11.1 < v11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-25T13:31:41.404162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-25T13:31:50.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "X-Series WiFi thermostats",
          "vendor": "Network Thermostat",
          "versions": [
            {
              "lessThan": "4.6",
              "status": "affected",
              "version": "v4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "v9.46",
              "status": "affected",
              "version": "v9.6",
              "versionType": "custom"
            },
            {
              "lessThan": "v10.29",
              "status": "affected",
              "version": "v10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "v11.5",
              "status": "affected",
              "version": "v11.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Souvik Kandar reported this vulnerability to CISA."
        }
      ],
      "datePublic": "2025-07-24T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat\u0027s embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.\u003c/span\u003e"
            }
          ],
          "value": "The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat\u0027s embedded web server and reset user credentials by manipulating specific elements of the embedded web interface."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T20:53:17.534Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eNetwork Thermostat recommends users to update to the following (or newer) versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eX-Series WiFi thermostats with v4.x to a minimum of v4.6\u003c/li\u003e\u003cli\u003eX-Series WiFi thermostats with v9.x to a minimum of v9.46\u003c/li\u003e\u003cli\u003eX-Series WiFi thermostats with v10.x to a minimum of v10.29\u003c/li\u003e\u003cli\u003eX-Series WiFi thermostats with v11.x to a minimum of v11.5\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis update was applied automatically to reachable units, requiring no action from end users.\u003c/p\u003e\u003cp\u003eIf end users would like their units behind firewalls to be updated, contact Network Thermostat at \u003ca target=\"_blank\" rel=\"nofollow\"\u003esupport@networkthermostat.com\u003c/a\u003e\u0026nbsp;to coordinate an update.\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Network Thermostat recommends users to update to the following (or newer) versions:\n\n  *  X-Series WiFi thermostats with v4.x to a minimum of v4.6\n  *  X-Series WiFi thermostats with v9.x to a minimum of v9.46\n  *  X-Series WiFi thermostats with v10.x to a minimum of v10.29\n  *  X-Series WiFi thermostats with v11.x to a minimum of v11.5\n\n\nThis update was applied automatically to reachable units, requiring no action from end users.\n\nIf end users would like their units behind firewalls to be updated, contact Network Thermostat at support@networkthermostat.com\u00a0to coordinate an update."
        }
      ],
      "source": {
        "advisory": "ICSA-25-205-02",
        "discovery": "EXTERNAL"
      },
      "title": "Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2025-6260",
    "datePublished": "2025-07-24T20:53:17.534Z",
    "dateReserved": "2025-06-18T22:35:45.412Z",
    "dateUpdated": "2025-07-25T13:31:50.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted