CVE-2025-5124HIGH 8.1EPSS p54.3%

CVE-2025-5124CVE-2025-5124

Description

A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. It is recommended to change the configuration settings. The vendor was contacted early about this issue. They confirmed the existence but pointed out that they "have published the 'Hardening Guide' on the Web from July 2018 to January 2025 and have thoroughly informed customers of the recommendation to change their initial passwords".

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.88% probability of exploitation · percentile 54.3% · 2026-06-19T12:03:05Z
Published2025-05-24
Last modified2026-04-15

Underlying weaknesses· 1

CWE-1392

References

  1. https://github.com/zeke2997/CVE_request_Sony
  2. https://github.com/zeke2997/CVE_request_Sony#3-poc
  3. https://vuldb.com/?ctiid.310203
  4. https://vuldb.com/?id.310203
  5. https://vuldb.com/?submit.564839
  6. https://github.com/zeke2997/CVE_request_Sony

1

TypeTargetConfidenceTier
WeaknessUse of Default Credentialscwe-13920%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-51381
CVE
CVE-2025-12049
CVE
CVE-2026-24448
CVE
CVE-2025-5478
CVE
CVE-2025-5476
CVE
CVE-2025-62777
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.