8.7
CVE-2025-25281
- EPSS 0.43%
- Veröffentlicht 13.02.2025 22:15:13
- Zuletzt bearbeitet 10.04.2025 19:40:37
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginOutback Power Mojave Inverter Exposure of Sensitive Information to an Unauthorized Actor
An attacker may modify the URL to discover sensitive information about the target network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Outbackpower ≫ Mojave Inverter Oghi8048a Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| ics-cert@hq.dhs.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://old.outbackpower.com/about-outback/contact/contact-us
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-17