1. Home
  2. CVE Database
  3. CVE-2025-41438
CRITICAL · 9.8

CVE-2025-41438

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every install...

Vulnerability Description

The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-1188

References

FAQ

What is CVE-2025-41438?

CVE-2025-41438 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every install...

How severe is CVE-2025-41438?

CVE-2025-41438 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-41438?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.