CVE-2025-53963
Published: 04 December 2025
Description
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Security Summary
CVE-2025-53963 is a vulnerability in Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices, which run an SSH server accessible over the default port 22. The root account uses a weak default password of "ionadmin," and no password change policy is enforced for this account. This issue falls under CWE-521 (Weak Password Requirements) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). It only affects products that are no longer supported by the maintainer.
An attacker with network connectivity to the device can exploit this vulnerability by authenticating to the SSH server as root using the default password "ionadmin," enabling full root-level code execution on the device. No special privileges, user interaction, or complex conditions are required for exploitation.
References provided include Thermo Fisher product documentation such as the Ion OneTouch 2 System User Guide, Ion OneTouch 2 and Torrent Suite Software Product Guide, and OneTouch 2 Specification Sheet, but no vendor advisories or patches are specified. Given that the affected products are no longer supported, no mitigations such as updates or enforced password policies are available from the maintainer.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability involves a weak default password for the root account on an exposed SSH server, directly enabling use of default accounts (T1078.001) for remote root access and code execution.