LeakyCreds

CVE-2026-25775 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: April 24, 2026

SenseLive X3050 - Authentication Bypass

Published: April 24, 2026 | Updated: April 24, 2026 | Remote Exploitable

Overview

SenseLive X3050 contains an authentication bypass: its remote management service performs no verification for firmware operations, which lets remote attackers retrieve or update firmware without authorization. Exploitation requires network access.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Remote attackers can retrieve or update firmware without authorization, potentially leading to device compromise or persistent malware installation.

Mitigation

Update to the latest firmware version that enforces authentication and authorization for firmware operations.

Social Media Activity (2 posts)

OffSequence
@offseq
Apr 24, 2026

🔍 CVE-2026-25775: SenseLive X3050 (V1.523) critical vuln — remote firmware updates possible without auth! Patch unavailable. Restrict access & monitor for unauthorized firmware actions. https://radar.offseq.com/threat/cve-2026-25775-cwe-306-missing-authentication-for--773ccfcd #OffSeq #IoTSecurity #CVE202625775


Details

CVE ID: CVE-2026-25775
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

  • CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0% (Probability of exploitation in the next 30 days)