1. Home
  2. CVE Database
  3. CVE-2025-6521
HIGH · 7.6

CVE-2025-6521

During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an atta...

Vulnerability Description

During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro which may include sensitive information such as network credentials.

CVSS Score

7.6

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Related Weaknesses (CWE)

CWE-327

References

FAQ

What is CVE-2025-6521?

CVE-2025-6521 is a vulnerability with a CVSS score of 7.6 (HIGH). During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed in cleartext. If captured, an atta...

How severe is CVE-2025-6521?

CVE-2025-6521 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-6521?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.