{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6260", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-06-18T22:35:45.412Z", "datePublished": "2025-07-24T20:53:17.534Z", "dateUpdated": "2025-07-25T13:31:50.926Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "X-Series WiFi thermostats", "vendor": "Network Thermostat", "versions": [{"lessThan": "4.6", "status": "affected", "version": "v4.5", "versionType": "custom"}, {"lessThan": "v9.46", "status": "affected", "version": "v9.6", "versionType": "custom"}, {"lessThan": "v10.29", "status": "affected", "version": "v10.1", "versionType": "custom"}, {"lessThan": "v11.5", "status": "affected", "version": "v11.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar reported this vulnerability to CISA."}], "datePublic": "2025-07-24T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.</span>"}], "value": "The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-24T20:53:17.534Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Network Thermostat recommends users to update to the following (or newer) versions:</p><ul><li>X-Series WiFi thermostats with v4.x to a minimum of v4.6</li><li>X-Series WiFi thermostats with v9.x to a minimum of v9.46</li><li>X-Series WiFi thermostats with v10.x to a minimum of v10.29</li><li>X-Series WiFi thermostats with v11.x to a minimum of v11.5</li></ul><p>This update was applied automatically to reachable units, requiring no action from end users.</p><p>If end users would like their units behind firewalls to be updated, contact Network Thermostat at <a target=\"_blank\" rel=\"nofollow\">[email protected]</a>&nbsp;to coordinate an update.</p>\n\n<br>"}], "value": "Network Thermostat recommends users to update to the following (or newer) versions:\n\n * X-Series WiFi thermostats with v4.x to a minimum of v4.6\n * X-Series WiFi thermostats with v9.x to a minimum of v9.46\n * X-Series WiFi thermostats with v10.x to a minimum of v10.29\n * X-Series WiFi thermostats with v11.x to a minimum of v11.5\n\n\nThis update was applied automatically to reachable units, requiring no action from end users.\n\nIf end users would like their units behind firewalls to be updated, contact Network Thermostat at [email protected]\u00a0to coordinate an update."}], "source": {"advisory": "ICSA-25-205-02", "discovery": "EXTERNAL"}, "title": "Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-25T13:31:41.404162Z", "id": "CVE-2025-6260", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T13:31:50.926Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6260", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-25T13:31:41.404162Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T13:31:46.205Z"}}], "cna": {"title": "Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function", "source": {"advisory": "ICSA-25-205-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Souvik Kandar reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Network Thermostat", "product": "X-Series WiFi thermostats", "versions": [{"status": "affected", "version": "v4.5", "lessThan": "4.6", "versionType": "custom"}, {"status": "affected", "version": "v9.6", "lessThan": "v9.46", "versionType": "custom"}, {"status": "affected", "version": "v10.1", "lessThan": "v10.29", "versionType": "custom"}, {"status": "affected", "version": "v11.1", "lessThan": "v11.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Network Thermostat recommends users to update to the following (or newer) versions:\n\n * X-Series WiFi thermostats with v4.x to a minimum of v4.6\n * X-Series WiFi thermostats with v9.x to a minimum of v9.46\n * X-Series WiFi thermostats with v10.x to a minimum of v10.29\n * X-Series WiFi thermostats with v11.x to a minimum of v11.5\n\n\nThis update was applied automatically to reachable units, requiring no action from end users.\n\nIf end users would like their units behind firewalls to be updated, contact Network Thermostat at [email protected]\u00a0to coordinate an update.", "supportingMedia": [{"type": "text/html", "value": "<p>Network Thermostat recommends users to update to the following (or newer) versions:</p><ul><li>X-Series WiFi thermostats with v4.x to a minimum of v4.6</li><li>X-Series WiFi thermostats with v9.x to a minimum of v9.46</li><li>X-Series WiFi thermostats with v10.x to a minimum of v10.29</li><li>X-Series WiFi thermostats with v11.x to a minimum of v11.5</li></ul><p>This update was applied automatically to reachable units, requiring no action from end users.</p><p>If end users would like their units behind firewalls to be updated, contact Network Thermostat at <a target=\"_blank\" rel=\"nofollow\">[email protected]</a>&nbsp;to coordinate an update.</p>\n\n<br>", "base64": false}]}], "datePublic": "2025-07-24T16:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-24T20:53:17.534Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6260", "state": "PUBLISHED", "dateUpdated": "2025-07-25T13:31:50.926Z", "dateReserved": "2025-06-18T22:35:45.412Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-07-24T20:53:17.534Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface."}], "id": "CVE-2025-6260", "lastModified": "2025-07-25T15:29:19.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-24T21:15:52.447", "references": [{"source": "[email protected]", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Primary"}]}

{}