Home / Vulnerability Intelligence / CVE-2025-54756

CVE-2025-54756 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: February 13, 2026

BrightSign BrightSign OS - Authentication Bypass

Published: February 12, 2026Updated: February 13, 2026

Overview

BrightSign BrightSign OS series 4 < 8.5.53.1 and series 5 < 9.0.166 contain a broken authentication caused by use of guessable default passwords, letting attackers gain unauthorized access, exploit requires knowledge of device information.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 1.2%(Probability of exploitation in next 30 days)

Impact

Attackers can gain unauthorized access by guessing default passwords, potentially leading to full system compromise.

Mitigation

Update to BrightSign OS series 4 version 8.5.53.1 or series 5 version 9.0.166 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 12, 2026

🟠 CVE-2025-54756 - High (8.4) BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; use... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-54756/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-54756
Severity: High
CVSS Score: 8.4
Type: broken_authentication
Status: unconfirmed
EPSS: 1.2%
Social Posts: 1

CWE

CWE-1392

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.2%Probability of exploitation in the next 30 days