CVE-2025-5095

Burk Technology ARC Solo Missing Authentication for Critical Function

Description

Burk Technology ARC Solo's password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.

Remediation

Solution:

  • Burk Technology recommends users update their ARC Solo devices to Version v1.0.62 or later. The upgrade can be downloaded from the Burk Technology website https://www.burk.com/products/Broadcast/ARC-Solo-6 .

Category

9.3
CVSS
Severity: Critical
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.06%
Affected: Burk Technology ARC Solo
Published at:
Updated at:

References

Frequently Asked Questions

What is the severity of CVE-2025-5095?
CVE-2025-5095 has been scored as a critical severity vulnerability.
How to fix CVE-2025-5095?
To fix CVE-2025-5095: Burk Technology recommends users update their ARC Solo devices to Version v1.0.62 or later. The upgrade can be downloaded from the Burk Technology website https://www.burk.com/products/Broadcast/ARC-Solo-6 .
Is CVE-2025-5095 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-5095 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-5095?
CVE-2025-5095 affects Burk Technology ARC Solo.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.