How to fix EUVD-2025-18283?

Within 24 hours: Inventory all OpenC3 COSMOS deployments and identify current versions; isolate affected instances from production networks if upgrade timeline exceeds 48 hours. Within 7 days: Contact vendor for v6.0.2 availability and timeline; if unavailable, implement network segmentation to restrict container-to-service communication and rotate all service credentials used by COSMOS. Within 30 days: Complete upgrade to v6.0.2 or later; conduct forensic audit for unauthorized credential access; implement secrets management solution (HashiCorp Vault, AWS Secrets Manager) to prevent future environment variable exposure.

Is Cosmos affected by EUVD-2025-18283?

OpenC3 COSMOS installations before v6.0.2 expose service credentials stored in container environment variables to attackers. Any organization running affected versions faces immediate risk of unauthorized access to backend services and data systems.

EUVD-2025-18283

| CVE-2025-28381 HIGH

2025-06-13 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 21:34 euvd

EUVD-2025-18283

Analysis Generated

Mar 14, 2026 - 21:34 vuln.today

PoC Detected

Oct 27, 2025 - 16:15 vuln.today

Public exploit code

CVE Published

Jun 13, 2025 - 14:15 nvd

HIGH 7.5

Description

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.

Analysis

A security vulnerability in OpenC3 COSMOS (CVSS 7.5) that allows attackers. Risk factors: public PoC available.

Technical Context

Vulnerability type not specified by vendor. CVSS 7.5 indicates high severity. Affects OpenC3 COSMOS.

Affected Products

['OpenC3 COSMOS']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

EUVD-2025-18283 vulnerability details – vuln.today

Back

EUVD-2025-18283

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

EUVD-2025-18283

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code