CVE-2025-11545
CVE-2025-11545 is a critical-severity vulnerability with a CVSS 4.0 base score of 9.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-497.
Key facts
- Severity: Critical (CVSS 4.0 base score 9.5)
- EPSS exploit prediction: 0% (19th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-204692
- Weakness: CWE-497
- Published:
- Last modified:
Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
Frequently asked questions
- What is CVE-2025-11545?
- Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions.
- How severe is CVE-2025-11545?
- CVE-2025-11545 has a CVSS 4.0 base score of 9.5, rated critical severity.
- Is CVE-2025-11545 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (19th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-11545?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2025-11545 have an EU (EUVD) identifier?
- Yes. CVE-2025-11545 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-204692.
- When was CVE-2025-11545 published?
- CVE-2025-11545 was published on 2025-12-22 and last updated on 2026-06-17.
References
Other CWE-497 vulnerabilities
- CVE-2025-10264 — Critical (CVSS 10.0): Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing…
- CVE-2026-27494 — Critical (CVSS 9.9): n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated…
- CVE-2025-47699 — Critical (CVSS 9.9): Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho…
- CVE-2025-44823 — Critical (CVSS 9.9): Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a…
- CVE-2026-14808 — Critical (CVSS 9.8): Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing…
- CVE-2024-13999 — Critical (CVSS 9.8): Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or…