CRITICAL🇵🇱 Wersja polska

CVE-2025-28389

CVSS 9.8v3.1pub. 2025-06-13upd. 2025-06-17

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

🤖 AI Analysis
How it works

The system does not enforce sufficiently strong passwords (CWE-521), allowing users to set passwords vulnerable to automated dictionary attacks or brute force attacks. An attacker can remotely and without any prior privileges systematically attempt successive password combinations until successfully logging into the victim's account.

Impact

A successful brute force attack allows an attacker to take control of a user or administrator account, resulting in complete compromise of the confidentiality, integrity, and availability of the OpenC3 COSMOS system.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to enforce strong password policies in the organization's security policy and implement account lockout mechanisms after a specified number of failed login attempts.

Who is affected

OpenC3 COSMOS v6.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openc3 Cosmos

    APP
    Openc3
    6.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-42088CRITICAL9.6PL ✓ten sam produkt

OpenC3 COSMOS: ominięcie uprawnień API i dostęp do usług wewnętrznych sieci Docker

CVE-2026-42087CRITICAL9.6PL ✓ten sam produkt

SQL Injection w komponencie TSDB OpenC3 COSMOS (CVE-2026-42087)

CVE-2025-28384CRITICAL9.1PL ✓ten sam produkt

Path Traversal w endpoincie /script-api/scripts/ OpenC3 COSMOS

CVE-2025-28388CRITICAL9.8PL ✓ten sam produkt

OpenC3 COSMOS — hardcoded credentials w koncie Service Account

CVE-2025-28386CRITICAL9.8PL ✓ten sam produkt

RCE w komponencie Plugin Management OpenC3 COSMOS poprzez spreparowany plik .txt