PatchSiren cyber security CVE debrief

CVE-2026-25775 Raw CVE debrief

CVE-2026-25775 is a critical network-reachable flaw in SenseLive X3050 V1.523's remote management service. According to CISA's advisory, the service accepts firmware-related requests from any reachable host and does not enforce authentication, authorization, image integrity, or firmware authenticity checks.

Vendor: Raw
Product: SenseLive X3050 V1.523
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-21
Original CVE updated: 2026-04-21
Advisory published: 2026-04-21
Advisory updated: 2026-04-21

Who should care

OT and industrial network operators running SenseLive X3050 V1.523, especially sites that expose or can reach the device's remote management service. Security teams responsible for device segmentation, remote access control, and firmware integrity monitoring should treat this as urgent.

Technical summary

The advisory describes a remote management weakness that permits firmware retrieval and update operations without authentication or authorization. Because the service accepts requests from any reachable host and does not verify user privileges, uploaded-image integrity, or the authenticity of supplied firmware, an attacker with network reachability could tamper with device firmware workflows and potentially impact confidentiality, integrity, and availability.

Defensive priority

Immediate. The issue is network exploitable, requires no authentication, and is rated CVSS 3.1 9.8/Critical in the source advisory, so exposed or broadly reachable devices should be prioritized first.

Recommended defensive actions

  • Restrict network access to the X3050 remote management service with ACLs, firewall rules, or VPN-only access.
  • Inventory all SenseLive X3050 V1.523 deployments and determine whether the service is reachable from untrusted networks.
  • If the device is in production, segment it from general-purpose networks until vendor guidance or a corrective update is available.
  • Monitor for unauthorized firmware retrieval or update activity and review change-control records for unexpected device reimaging.
  • Contact SenseLive for remediation guidance, since the advisory states the vendor did not respond to CISA's coordination requests.
  • Verify any future firmware package source, authenticity, and integrity before applying it to the device.
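The first and fourth actions above (restrict who can reach the management service, and monitor for activity that bypasses that restriction) can be checked against firewall logs. The script below is an added example written for this debrief; it is not code from PatchSiren, CISA or SenseLive. The log format, the device addresses, the management allowlist and the port number are constructed assumptions: the advisory does not name the service port, so `MGMT_PORT` is a placeholder to be replaced with the real value.

```python
"""Flag hosts outside the management allowlist that reach (or probe) the
X3050 remote management service, using constructed firewall log lines.
Added example for this debrief; not vendor or CISA code."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed inventory (assumption): addresses assigned to SenseLive X3050 units.
X3050_DEVICES = {"10.20.5.11", "10.20.5.12"}
# Constructed allowlist (assumption): the only network permitted to manage them.
MANAGEMENT_ALLOWLIST = [ipaddress.ip_network("10.20.100.0/29")]
# Placeholder: the advisory does not state the service port; set it to the real one.
MGMT_PORT = 9999

# Constructed key=value firewall log format (assumption).
LOG_RE = re.compile(
    r"action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    action: str
    severity: str
    reason: str


def is_allowlisted(src: str) -> bool:
    """True when the source address falls inside an allowlisted management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MANAGEMENT_ALLOWLIST)


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines in another format."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def analyse(lines):
    """Return one Finding per connection to an X3050 management port from a
    non-allowlisted source. 'allow' means the ACL is missing (high); 'deny'
    means the ACL held but the service is being probed (medium)."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dst"] not in X3050_DEVICES or int(rec["dport"]) != MGMT_PORT:
            continue  # not the management service of an inventoried device
        if is_allowlisted(rec["src"]):
            continue  # expected management traffic
        if rec["action"] == "allow":
            sev, why = "high", "management service reached from non-allowlisted host"
        else:
            sev, why = "medium", "management service probed from non-allowlisted host (blocked)"
        findings.append(Finding(rec["src"], rec["dst"], rec["action"], sev, why))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2026-04-22T08:01:10Z fw1 action=allow src=10.20.100.3 dst=10.20.5.11 dport=9999",
    "2026-04-22T08:02:41Z fw1 action=allow src=10.30.1.7 dst=10.20.5.11 dport=9999",
    "2026-04-22T08:03:05Z fw1 action=deny src=192.0.2.50 dst=10.20.5.12 dport=9999",
    "2026-04-22T08:03:20Z fw1 action=allow src=10.30.1.7 dst=10.20.5.12 dport=443",
    "2026-04-22T08:04:00Z fw1 action=allow src=10.30.1.7 dst=10.20.7.1 dport=9999",
    "2026-04-22T08:04:30Z fw1 kernel: link up on eth2",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity}] {f.src} -> {f.dst} ({f.action}): {f.reason}")
```

The "allow" finding is the one to act on first: it shows a path to the management service that the ACL or firewall rule set does not cover. Denied probes are evidence that the restriction works but that the service is being looked for, which belongs in the change-control review the fourth action describes.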

Evidence notes

Source evidence is limited to CISA's CSAF advisory ICSA-26-111-12 and linked official references. The advisory text explicitly states unauthenticated firmware retrieval/update from any reachable host and missing checks for privileges, image integrity, and firmware authenticity. The source advisory was initially published on 2026-04-21, and the provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Official resources

CISA published ICSA-26-111-12 on 2026-04-21. The advisory indicates SenseLive did not respond to CISA's coordination requests, and affected users are directed to contact SenseLive for more information.