CVE-2025-28172 — MEDIUM (6.5)

Q: How severe is CVE-2025-28172?

CVE-2025-28172 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-28172?

Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ucm6510 Firmware, Grandstream Ucm6510.

Vulnerability Description

Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Grandstream	Ucm6510 Firmware	<= 1.0.20.52
Grandstream	Ucm6510	-

Related Weaknesses (CWE)

CWE-307

References

http://grandstream.comProduct
https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdfThird Party Advisory

FAQ

What is CVE-2025-28172?

CVE-2025-28172 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts us...

How severe is CVE-2025-28172?

CVE-2025-28172 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-28172?

Check the references section above for vendor advisories and patch information. Affected products include: Grandstream Ucm6510 Firmware, Grandstream Ucm6510.