CVE-2025-54303CRITICAL 9.8EPSS p24.1%

CVE-2025-54303CVE-2025-54303

Description

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.33% probability of exploitation · percentile 24.1% · 2026-06-18T12:00:27Z
Published2025-12-04
Last modified2025-12-16

Underlying weaknesses· 1

CWE-1392

References

  1. https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0026163-Torrent-Suite-5.18-UG.pdf
  2. https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf
  3. https://www.thermofisher.com/us/en/home/life-science/sequencing/next-generation-sequencing/ion-torrent-next-generation-sequencing-workflow/ion-torrent-next-generation-sequencing-data-analysis-workflow/ion-torrent-suite-software.html

1

TypeTargetConfidenceTier
WeaknessUse of Default Credentialscwe-13920%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-53963
CVE
CVE-2026-41085
CVE
CVE-2025-54307
CVE
CVE-2025-1393
CVE
CVE-2025-8077
CVE
CVE-2025-10542
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.