CVE-2025-5484 · HIGH 8.3 · EPSS p33.0%

Description

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.

Scoring

CVSS 3.1: 8.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS: 0.41% probability of exploitation · percentile 33.0% · 2026-06-19T12:03:05Z
Published: 2025-06-12
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-1390

References

  1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01
  2. https://www.sinotrackgps.com/help-center

Type: Weakness · Target: Weak Authentication (cwe-1390) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-5485
  2. CVE-2025-40805
  3. CVE-2025-54754
  4. CVE-2026-35075
  5. CVE-2025-41652
  6. CVE-2025-3090

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.