CVE-2025-2555

CVSS 3.1 Score 2.9 of 10 (low)

Details

Published Mar 20, 2025

CWE ID 259

CWE ID 255

Summary

CVE-2025-2555 is a newly disclosed vulnerability that affects the Audi Universal Traffic Recorder App 2.0. The issue lies within an unknown function of the FTP Credentials component, which utilizes a hard-coded password. For an attack to succeed, the assailant must have local access. The complexity and exploitability of this vulnerability are considered rather high, and an exploit has already been made public. Users are advised to upgrade to version 2.89 or 2.90 to address the issue. The vendor has been responsive and professional, having already taken steps to address the problem for both new and existing customers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4hdg1o
https://www.cve.org/CVERecord?id=CVE-2025-2555
https://nvd.nist.gov/vuln/detail/CVE-2025-2555

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2025-2555

CVSS 3.1 Score 2.9 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations