Hard Coded Secret Key Vulnerability in Optigo Networks Tools
CVE-2025-2079

8.7HIGH

Key Information:

Vendor: Optigo Networks
Status: Visual Bacnet Capture Tool; Optigo Visual Networks Capture Tool
Vendor: CVE Published:; 13 March 2025

🔔 Create Optigo Networks Vulnerability Alert

What is CVE-2025-2079?

The Visual BACnet Capture Tool and Visual Networks Capture Tool from Optigo Networks have a vulnerability due to a hard coded secret key. This flaw allows attackers to create valid JSON Web Token (JWT) sessions, potentially compromising security protocols and gaining unauthorized access. Organizations using these tools should be aware of this issue and take steps to mitigate the risk by updating their software and reviewing security practices.

Affected Version(s)

Optigo Visual Networks Capture Tool 3.1.2rc11

Visual BACnet Capture Tool 3.1.2rc11

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-0...

government-resource

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 13, 2025
Vulnerability Reserved
Mar 6, 2025

Credit

Tomer Goldschmidt of Claroty Team82

JSON