HIGH🇵🇱 Wersja polska

CVE-2025-28381

CVSS 7.5v3.1pub. 2025-06-13upd. 2025-10-27

A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Openc3 Cosmos

    APP
    Openc3
    6.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2026-42088CRITICAL9.6PL ✓ten sam produkt

OpenC3 COSMOS: ominięcie uprawnień API i dostęp do usług wewnętrznych sieci Docker

CVE-2026-42087CRITICAL9.6PL ✓ten sam produkt

SQL Injection w komponencie TSDB OpenC3 COSMOS (CVE-2026-42087)

CVE-2025-28386CRITICAL9.8PL ✓ten sam produkt

RCE w komponencie Plugin Management OpenC3 COSMOS poprzez spreparowany plik .txt

CVE-2025-28388CRITICAL9.8PL ✓ten sam produkt

OpenC3 COSMOS — hardcoded credentials w koncie Service Account

CVE-2025-28384CRITICAL9.1PL ✓ten sam produkt

Path Traversal w endpoincie /script-api/scripts/ OpenC3 COSMOS