BrightSign reported a default-password weakness in BrightSign OS series 4 players before v8.5.53.1 and series 5 players before v9.0.166. CISA rates the issue 8.4 HIGH. BrightSign says the fixed releases are available, and older installations should have all default passwords changed.
CVE-2025-3925 affects BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 and series 5 prior to v9.0.166. CISA and BrightSign describe the issue as execution with unnecessary privileges, which can enable privilege escalation on the device once code execution has already been obtained. BrightSign states the issue was fixed in the cited versions and that the updates are available on its download site.
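To triage a fleet against the version boundaries above, the following added example (not code from BrightSign or CISA) classifies each player in an inventory export as affected, fixed, or needing manual review. The CSV layout, column names and host names are constructed assumptions; only the two fixed version numbers come from the text above.

```python
import csv
import io
import re

# Fixed releases per player series, as stated in the advisory text above.
FIXED = {4: (8, 5, 53, 1), 5: (9, 0, 166)}

# Constructed sample inventory; host names and column names are assumptions.
SAMPLE_INVENTORY = """host,series,os_version
lobby-01,4,8.5.53.1
lobby-02,4,v8.5.53
cafe-01,5,9.0.145.1
cafe-02,5,9.0.166
old-01,4,7.1.95
lab-01,3,8.5.53.1
lab-02,5,unknown
"""

def parse_version(text):
    """Parse 'v8.5.53.1' or '9.0.166' into a tuple of ints, else raise ValueError."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip(), re.ASCII)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def classify(series, version_text):
    """Return 'affected', 'fixed', or 'review' (unknown series or bad version)."""
    try:
        fixed = FIXED[int(series)]
        found = parse_version(version_text)
    except (KeyError, ValueError, TypeError):
        return "review"
    # Pad both tuples to the same length so 9.0.166 and 9.0.166.0 compare equal.
    width = max(len(fixed), len(found))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(found) < pad(fixed) else "fixed"

def triage(csv_text):
    """Map each host in the inventory to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["series"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

The check covers firmware version only; whether default passwords were changed on older installations has to be verified separately.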