CVE-2025-26409
Published: 11 February 2025
Summary
CVE-2025-26409 is a medium-severity On-Chip Debug and Test Interface With Improper Access Control (CWE-1191) vulnerability in Sec Consult (inferred from references). Its CVSS base score is 6.8 (Medium).
Operationally, it ranks at the 37.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4192
Vulnerability details
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in recent firmware versions BSP >= 6.4.1.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Directly mitigates exposure of on-chip debug and test interfaces by disabling or removing them.
Inspection of on-chip debug/test interfaces can identify tampering or unauthorized access that those interfaces enable.