CVE-2025-10285

Severity CVSS v4.0:

HIGH

Type:

CWE-200 Information Leak / Disclosure

Publication date:

04/12/2025

Last modified:

04/12/2025

Description

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user&#39;s domain password.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 7.40 HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): Present
Privileges Required (PR): None
User Interaction (UI): Passsive
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

7.40

Severity 4.0

HIGH

References to Advisories, Solutions, and Tools

https://community.silabs.com/a45Vm0000003UcfIAE