CVE-2025-3925
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| BrightSign | BrightSign OS series 4 players | 0 < v8.5.53.1 | affected |
| BrightSign | BrightSign OS series 5 players | 0 < v9.0.166 | affected |
Weaknesses
- CWE-250: CWE-250
Workarounds
BrightSign recommends the following security practices:
Change default passwords when the device is initially set up.
Disable the local DWS as described in "High Security settings".
Disable the SSH/telnet server when not being used - it is not enabled by default.
Devices should be located where an attacker does not have physical access to the device.
SD and USB ports can be disabled if not needed.
For more information, please contact BrightSign via their website. https://www.brightsign.biz/contact-us/
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03
- https://www.brightsign.biz/resources/software-downloads/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.