CVE-2025-26411
Published: 11 February 2025
Description
Adversaries may abuse Python commands and scripts for execution.
Security Summary
CVE-2025-26411 is an unrestricted upload vulnerability in the Plugin Manager of the web interface on Wattsense Bridge devices. It allows an authenticated attacker to upload malicious Python files to the device, enabling remote root access. The vulnerability is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). It affects Wattsense Bridge devices running firmware versions prior to BSP 6.1.0.
An attacker with a valid user account on the Wattsense web interface can exploit this issue over the network with low complexity and no user interaction required. By leveraging the Plugin Manager, the attacker uploads and executes arbitrary Python code, achieving full remote root privileges on the device. This grants complete control, including potential data exfiltration, modification of device configurations, or further lateral movement within connected networks.
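The weakness class here (CWE-434) is a plugin upload path that trusts the file the user hands it. As an added example, and not Wattsense's code, plugin format or the fix shipped in BSP 6.1.0, the Python below shows the checks a defender would expect on such an endpoint: a filename allowlist with no traversal, an upload-type allowlist that excludes bare scripts, a magic-byte check so the content must match the claimed type, an origin check before anything is parsed, and an allowlist on archive members. The plugin format (a zip archive of declarative files), the member extension list, the size limit and the HMAC-based `sign_plugin` standing in for a real asymmetric vendor signature are all assumptions of this example.

```python
import hashlib
import hmac
import io
import os
import re
import zipfile

# Policy values below are assumptions for this example, not a real product's format.
ALLOWED_UPLOAD_EXTENSIONS = {".zip"}                   # plugins arrive as archives, never as scripts
ALLOWED_MEMBER_EXTENSIONS = {".json", ".yaml", ".txt"}  # declarative content only inside the archive
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
SAFE_FILENAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
ZIP_MAGIC = b"PK\x03\x04"
VENDOR_KEY = b"constructed-demo-signing-key"  # constructed; stands in for the vendor's signing key


class UploadRejected(ValueError):
    """Carries the reason for the audit log; the client should get a generic error."""


def sign_plugin(data: bytes) -> str:
    """Vendor-side signing (HMAC-SHA256 as a stand-in for an asymmetric signature)."""
    return hmac.new(VENDOR_KEY, data, hashlib.sha256).hexdigest()


def _member_is_safe(name: str) -> bool:
    """Archive member paths: relative, forward slashes, no '..', allowlisted type."""
    if name.startswith("/") or "\\" in name:
        return False
    parts = name.split("/")
    if ".." in parts or "." in parts:
        return False
    if name.endswith("/"):  # directory entry: only the path checks apply
        return True
    return os.path.splitext(parts[-1])[1].lower() in ALLOWED_MEMBER_EXTENSIONS


def validate_plugin_upload(filename: str, data: bytes, signature_hex: str) -> list[str]:
    """Return the member names the installer may write, or raise UploadRejected."""
    if filename != os.path.basename(filename) or not SAFE_FILENAME.match(filename):
        raise UploadRejected("unsafe filename")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_UPLOAD_EXTENSIONS:
        raise UploadRejected(f"upload type {ext or 'none'} not allowed")
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload too large")
    if not data.startswith(ZIP_MAGIC):           # the bytes must match the claimed type
        raise UploadRejected("content is not a zip archive")
    if not hmac.compare_digest(sign_plugin(data), signature_hex):  # verify origin before parsing
        raise UploadRejected("signature check failed")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [info.filename for info in zf.infolist()]
    except zipfile.BadZipFile as exc:
        raise UploadRejected("corrupt archive") from exc
    if not members:
        raise UploadRejected("empty archive")
    bad = [m for m in members if not _member_is_safe(m)]
    if bad:
        raise UploadRejected(f"disallowed members: {bad}")
    return members


def check_upload(filename: str, data: bytes, signature_hex: str) -> tuple[bool, str]:
    """Convenience wrapper: (accepted?, reason) for logging and tests."""
    try:
        members = validate_plugin_upload(filename, data, signature_hex)
        return True, f"accepted {len(members)} member(s)"
    except UploadRejected as exc:
        return False, str(exc)


def build_plugin(members: dict[str, bytes]) -> bytes:
    """Constructed helper: build an in-memory archive for the examples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    good = build_plugin({"manifest.json": b"{}", "config/points.yaml": b"poll: 60\n"})
    print(check_upload("plugin.zip", good, sign_plugin(good)))
    print(check_upload("plugin.py", b"import os\n", sign_plugin(b"import os\n")))
    script_inside = build_plugin({"manifest.json": b"{}", "hook.py": b"import os\n"})
    print(check_upload("plugin.zip", script_inside, sign_plugin(script_inside)))
```

The ordering matters: cheap, stateless checks (name, type, size, magic) run first, the origin check runs before the archive is parsed so an unsigned upload never reaches the zip parser, and the installer receives only a validated member list. None of this removes the need to run the plugin host as an unprivileged user; an upload bug in a root-owned process is what turned this issue into remote root.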
Advisories from SEC Consult and Wattsense recommend updating to firmware version BSP 6.1.0 or later, where the issue is fixed. Release notes are available on the Wattsense support site, and full details are provided in the SEC Consult report and Full Disclosure mailing list posting.
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unrestricted upload in a public-facing web interface (Plugin Manager) that allows authenticated attackers to upload and execute arbitrary Python code for remote root access, directly enabling T1190 (Exploit Public-Facing Application) and T1059.006 (Python).