CVE-2025-5095 · CRITICAL 9.8 · EPSS p54.2%

Description

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.87% probability of exploitation · percentile 54.2% · 2026-06-19T12:03:05Z
Published: 2025-08-08
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-306

References

  1. https://www.burk.com/products/Broadcast/ARC-Solo-6
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-03

Type: Weakness
Target: Missing Authentication for Critical Function (cwe-306)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-40805
CVE-2025-3090
CVE-2026-24789
CVE-2025-41652
CVE-2026-35075
CVE-2025-41651

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.