CVE-2025-5484

CVE-2025-5484 is a high-severity vulnerability with a CVSS 3.x base score of 8.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1390.

Key facts

Description

A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.

Frequently asked questions

What is CVE-2025-5484?
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.
How severe is CVE-2025-5484?
CVE-2025-5484 has a CVSS 3.x base score of 8.3, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability low.
Is CVE-2025-5484 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (33rd percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-5484?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
Does CVE-2025-5484 have an EU (EUVD) identifier?
Yes. CVE-2025-5484 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-18210.
When was CVE-2025-5484 published?
CVE-2025-5484 was published on 2025-06-12 and last updated on 2026-06-17.

References

Other CWE-1390 vulnerabilities

Browse all CWE-1390 vulnerabilities →