CVE-2025-41438

Summary

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.

Affected Software

VendorProductVersion RangeStatus
Consilium SafetyCS5000 Fire PanelAll versionsaffected

Weaknesses

  • CWE-1188: CWE-1188

Workarounds

Consilium Safety is aware of these vulnerabilities. Currently, no fixes are planned for the CS5000 Fire Panel.

Users wanting enhanced security features are advised to upgrade to Consilium Safety's newer line of fire panels. Specifically, products manufactured after July 1, 2024, incorporate more secure-by-design principles.

Users of the CS5000 Fire Panel are recommended to implement compensating countermeasures, such as physical security and access control restrictions for dedicated personnel.

More product safety information can be found on Consilium Safety's support webpage https://www.consiliumsafety.com/en/support/ .

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References