How severe is CVE-2025-64305?

CVE-2025-64305 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2025-64305

6.5MEDIUM

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor

Опубликовано: 1/7/2026Обновлено: 1/8/2026

Описание

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal.

ИИ-АнализНа базе ИИ

Ссылки

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01