PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-41438 Consilium Safety CVE debrief

CVE-2025-41438 is a high-severity issue in Consilium Safety's CS5000 Fire Panel where a default non-root account with elevated permissions exists on affected systems. The advisory says this account can be changed via SSH, but it remained unchanged on every installed system observed, and misuse could severely affect device operation. Asset owners running versions earlier than R1.17.1 should prioritize the vendor update and related hardening guidance.

Vendor: Consilium Safety
Product: CS5000 Fire Panel
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-05-29
Original CVE updated: 2025-12-04
Advisory published: 2025-05-29
Advisory updated: 2025-12-04

Who should care

Organizations operating CS5000 Fire Panel deployments, especially OT/ICS asset owners, fire safety system administrators, integrators, and local Consilium Safety support teams responsible for patching and configuration control.

Technical summary

The advisory identifies a default account on the CS5000 Fire Panel that is not root but has high-level permissions. Affected products are listed as Consilium Safety CS5000 Fire Panel versions earlier than R1.17.1. In Update A, CISA revised the CVSS vector from AV:N to AV:L and noted that Consilium software version R1.17.1 is available. The issue is therefore best treated as a privileged-account exposure that requires version control, configuration review, and OT-aware remediation.

Defensive priority

High — prioritize any CS5000 Fire Panel deployment running versions earlier than R1.17.1.

Recommended defensive actions

  • Inventory all CS5000 Fire Panel deployments and confirm whether any systems are running versions earlier than R1.17.1.
  • Obtain and apply Consilium Safety software version R1.17.1 through the local Consilium representative or support office, as the update is not publicly downloadable.
  • Verify that the default account has been remediated according to vendor guidance after upgrading, and document the change in asset records.
  • Restrict physical access, administrative access, and SSH access to dedicated personnel only, consistent with OT access-control practices.
  • Request and apply the security configuration and hardening guidance that accompanies R1.17.1.
  • If stronger built-in security is required, evaluate migration to Consilium Safety's newer fire panel line manufactured after July 1, 2024.
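The first and third actions above (confirm which panels run a version earlier than R1.17.1, and record that the default account was remediated after upgrading) lend themselves to an inventory triage script. The following is an added example written for this debrief, not PatchSiren's or Consilium Safety's code. The CSV column names and the asset rows are constructed assumptions; only the fixed version R1.17.1 comes from the advisory. It parses the vendor's "R<major>.<minor>.<patch>" version strings into numeric tuples so that a release such as R1.9.3 is correctly ranked below R1.17.1 (a plain string compare would get this wrong), treats a shorter string such as R1.17 as older than R1.17.1, and flags upgraded panels whose default-account remediation is not documented.

```python
"""Triage a CS5000 Fire Panel inventory against the R1.17.1 fix version.

Added example for this debrief; not PatchSiren's or Consilium Safety's code.
The inventory layout and field names are assumptions, and the asset rows
below are constructed sample data, not real deployments.
"""
import csv
import io
import re
from typing import List, NamedTuple, Optional, Tuple

FIXED_VERSION = "R1.17.1"  # first fixed release named in the CISA advisory

# Constructed sample inventory (assumed columns): asset id, site, reported
# firmware version, and whether the default account was remediated and
# documented after the upgrade, as the vendor guidance asks.
SAMPLE_INVENTORY = """\
asset_id,site,version,default_account_remediated
FP-001,Warehouse A,R1.9.3,no
FP-002,Warehouse A,R1.17.1,yes
FP-003,Dock 4,R1.17.1,no
FP-004,Dock 4,R1.18.0,yes
FP-005,Plant 2,r1.17,unknown
FP-006,Plant 2,,no
"""

# Accepts "R1.17.1", "R1.17", "r1.17.1"; rejects blanks and free text.
_VERSION_RE = re.compile(r"^R(\d+)(?:\.(\d+))*$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn 'R1.17.1' into (1, 17, 1) so releases compare numerically.

    A plain string compare ranks 'R1.9.3' above 'R1.17.1' because '9' > '1'
    character-wise; comparing tuples of integers avoids that pitfall.
    Returns None for blank or unrecognised strings so the caller can flag
    the asset for manual verification instead of silently passing it.
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text[1:].split("."))


def _pad(version: Tuple[int, ...], length: int) -> Tuple[int, ...]:
    """Right-pad with zeros so (1, 17) compares as (1, 17, 0)."""
    return version + (0,) * (length - len(version))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the reported version is earlier than R1.17.1, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    fixed = parse_version(FIXED_VERSION)
    width = max(len(parsed), len(fixed))
    return _pad(parsed, width) < _pad(fixed, width)


class Finding(NamedTuple):
    asset_id: str
    site: str
    version: str
    issue: str


def triage(inventory_csv: str) -> List[Finding]:
    """Return one finding per asset that still needs action."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = row["version"]
        vulnerable = is_vulnerable(version)
        if vulnerable is None:
            findings.append(Finding(row["asset_id"], row["site"], version,
                                    "version unknown; verify on the device"))
        elif vulnerable:
            findings.append(Finding(row["asset_id"], row["site"], version,
                                    "earlier than R1.17.1; obtain the update "
                                    "from the local Consilium representative"))
        elif row["default_account_remediated"].strip().lower() != "yes":
            findings.append(Finding(row["asset_id"], row["site"], version,
                                    "upgraded, but default-account remediation "
                                    "is not documented in asset records"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(f"{finding.asset_id:<7} {finding.site:<12} "
              f"{finding.version or '(blank)':<8} {finding.issue}")
```

Assets with a blank or malformed version are reported rather than skipped, because an inventory gap on a fire panel is itself something an OT asset owner should close before declaring the fleet remediated.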

Evidence notes

The supplied CISA CSAF source states that the CS5000 Fire Panel is vulnerable because a default account exists on the panel, that it can be changed via SSH, and that it remained unchanged on every installed system observed. The affected product is listed as Consilium Safety CS5000 Fire Panel < R1.17.1. Revision history in Update A says Consilium software version R1.17.1 is now available and that the CVSS vector and score were updated, including a change from AV:N to AV:L. The supplied corpus does not include a CISA KEV entry for this CVE.

Official resources

Publicly disclosed by CISA in ICS Advisory ICSA-25-148-03 on 2025-05-29. Update A was published on 2025-12-04. No CISA KEV entry was provided in the supplied corpus.