CVE-2025-26473
Published: 13 February 2025
Description
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Security Summary
CVE-2025-26473 is a vulnerability in the Mojave Inverter, where the device uses the GET method to transmit sensitive information, corresponding to CWE-598. This issue was published on 2025-02-13 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting high confidentiality impact with no integrity or availability disruption.
Remote attackers require only network access to exploit this vulnerability, with no privileges, user interaction, or special conditions needed. Exploitation involves intercepting or directly accessing HTTP GET requests, allowing retrieval of sensitive information embedded in query strings.
The CISA advisory ICSA-25-044-17 provides details on mitigation steps for this vulnerability. Additional vendor contact information is available via Outback Power at the referenced support page.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote attackers to intercept or directly access HTTP GET requests containing sensitive information in query strings (CWE-598), directly enabling network sniffing to capture the exposed data.