CVE-2025-26411

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 434

Summary

CVE-2025-26411 is a vulnerability affecting the Plugin Manager of Wattsense Bridge devices' web interface. Authenticated attackers can exploit this flaw by uploading malicious Python files, thereby gaining remote root access to the device. A valid user account on the Wattsense web interface is required for an attacker to carry out this exploit. This issue has been resolved in recent firmware versions BSP 6.1.0 and above.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3N0j98
https://www.cve.org/CVERecord?id=CVE-2025-26411
https://nvd.nist.gov/vuln/detail/CVE-2025-26411

Back to Vulnerability Database

CVE-2025-26411

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations