Skip to main content

SenseLive X3050 CVE-2026-25775

| EUVDEUVD-2026-25351 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-04-24 icscert GHSA-j5pw-86cx-29xv
9.3
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (icscert) · only source for this CVE.

CVSS VectorVendor: icscert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 14:52 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 00:46 vuln.today
CVSS changed
Apr 24, 2026 - 00:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)
EUVD ID Assigned
Apr 24, 2026 - 00:15 euvd
EUVD-2026-25351
Analysis Generated
Apr 24, 2026 - 00:15 vuln.today
CVE Published
Apr 24, 2026 - 00:06 nvd
CRITICAL 9.3

DescriptionCVE.org

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

AnalysisAI

Unauthenticated remote attackers can retrieve and replace firmware on SenseLive X3050 industrial control devices via the remote management service, which performs no authentication, authorization, or integrity validation. This allows complete device takeover by uploading malicious firmware images. CISA has published an ICS advisory (ICSA-26-111-12), indicating industrial/OT sector relevance, though no CISA KEV listing or public exploit code has been identified at time of analysis.

Technical ContextAI

The vulnerability resides in SenseLive X3050's remote management service, an unauthenticated network-accessible endpoint designed for firmware operations. The flaw is CWE-306 (Missing Authentication for Critical Function), meaning the service completely omits authentication and authorization checks before executing privileged firmware operations. The CVSS 4.0 vector AV:N indicates network attack vector with AC:L (low attack complexity) and PR:N (no privileges required), confirming the service is exposed without credential requirements. The service fails three critical validation steps: it does not authenticate the requesting host, does not verify user privileges for firmware modification operations, and does not validate cryptographic signatures or integrity hashes of uploaded firmware images. This triple failure allows trivial exploitation from any network-reachable position.

RemediationAI

No vendor-released patch version has been identified in available data at time of analysis. Organizations should immediately contact SenseLive via https://senselive.io/contact to obtain firmware updates addressing CVE-2026-25775 and confirm patch availability. Until patched firmware is deployed, implement network-layer compensating controls: isolate X3050 devices behind firewalls blocking all inbound access to the remote management service port from untrusted networks, restrict management service access to specific IP addresses of authorized administrators using ACLs, and disable the remote management service entirely if firmware update functionality is not operationally required (assess impact on remote monitoring capabilities before disabling). Deploy network monitoring to detect unauthorized firmware retrieval attempts (unusual outbound data exfiltration from X3050 devices) or upload operations (inbound connections to management service from unexpected sources). These mitigations reduce attack surface but introduce operational overhead for firmware maintenance and may break remote management workflows, requiring local console access for updates. Consult CISA advisory ICSA-26-111-12 at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12 for additional sector-specific guidance.

Share

CVE-2026-25775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy