CVE-2025-46352CRITICAL 9.8EPSS p47.9%

CVE-2025-46352CVE-2025-46352

Description

The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.69% probability of exploitation · percentile 47.9% · 2026-06-19T12:03:05Z
Published2025-05-30
Last modified2026-04-15

Underlying weaknesses· 1

CWE-798

References

  1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
  2. https://www.consiliumsafety.com/en/support/

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41438
CVE
CVE-2025-54754
CVE
CVE-2026-35075
CVE
CVE-2025-54756
CVE
CVE-2025-46412
CVE
CVE-2025-46273
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.