Web Interface Vulnerability in Silicon Labs Simplicity Device Manager
CVE-2025-10285

7.4HIGH

Key Information:

Vendor: Silabs.com
Status: Simplicity Studio V6
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-10285?

The web interface of the Silicon Labs Simplicity Device Manager is publicly accessible, allowing unauthorized users to extract NTLMv2 hashes. This could facilitate further unauthorized access, enabling attackers potentially to gain control over target user accounts by cracking their domain passwords. Organizations using this product should take immediate action to secure their web interface and safeguard sensitive information.

Affected Version(s)

Simplicity Studio V6 Windows 0 < 0.100.18

References

https://community.silabs.com/a45Vm0000003UcfIAE

vendor-advisorypermissions-required

CVSS V4

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Sep 11, 2025

CVE-2025-10285 Data

JSON

Silabs.com

What is CVE-2025-10285?

Affected Version(s)

References

CVSS V4

Timeline