CRITICAL🇵🇱 Wersja polska

CVE-2025-54303

CVSS 9.8v3.1pub. 2025-12-04upd. 2025-12-16

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.

🤖 AI Analysis
How it works

Default credentials for the ionadmin account are stored as fixtures for Django ORM API and provided with the software. The user documentation recommends changing these credentials after installation, however the software does not enforce this change through any password management policy. As a result, many production deployments may still use the default login/password pair, allowing an attacker with network access to authenticate immediately without needing to crack passwords.

Impact

Attacker gains full administrative access to the application, allowing reading, modification or deletion of data, as well as potential takeover of the DNA sequencing data analysis system.

Mitigation & patch

Default password for the ionadmin account must be changed immediately in all Torrent Suite Software deployments. Patches available from the manufacturer should be applied according to references. Additionally, it is recommended to restrict network access to the management interface exclusively to trusted IP addresses and implement a policy enforcing default password changes at first login.

Who is affected

Thermo Fisher Torrent Suite Software version 5.18.1 (Django application) — deployments that have not changed the default credentials for the ionadmin account

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Thermofisher Torrent Suite Software

    APP
    Thermofisher
    5.18.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-54305HIGH7.8ten sam produkt

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares i...

CVE-2025-54306HIGH7.2ten sam produkt

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution ...

CVE-2025-54307HIGH8.8ten sam produkt

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/p...

CVE-2025-53963CRITICAL9.8PL ✓ten sam vendor

Słabe domyślne hasło root w urządzeniu Thermo Fisher Ion Torrent OneTouch 2

CVE-2025-54304CRITICAL9.8PL ✓ten sam vendor

Niezabezpieczony serwer X11 w Thermo Fisher Ion Torrent OneTouch 2 umożliwia RCE z uprawnieniami root