Simplcity Device Manager exposes NTLMv2 hash
CVE-2025-10285

7.4HIGH

Key Information:

Vendor: Silabs.com
Status: Simplicity Studio V6
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-10285?

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.

Affected Version(s)

Simplicity Studio V6 Windows 0 < 0.100.18

References

https://community.silabs.com/a45Vm0000003UcfIAE

vendor-advisorypermissions-required

CVSS V4

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Sep 11, 2025

JSON

Silabs.com

What is CVE-2025-10285?

Affected Version(s)

References

CVSS V4

Timeline