Plaintext Communication Vulnerability in Bosscomm IF740 Firmware and System
CVE-2025-25728

6.5MEDIUM

Key Information:

Vendor: Bosscomm
Status: IF740 Firmware
Vendor: CVE Published:; 28 February 2025

What is CVE-2025-25728?

The Bosscomm IF740 firmware and system are susceptible to a vulnerability where communications to the update API are transmitted in plaintext. This exposes sensitive information to potential attackers who can exploit this weakness through a man-in-the-middle attack. If an attacker gains access to the network, they could intercept these unencrypted communications, leading to unauthorized access to critical data. It is crucial for users of Bosscomm IF740 firmware versions 11001.7078 and 11001.0000, as well as System versions 6.25 and 6.00, to ensure they implement immediate security measures to mitigate the risk.

References

https://gainsec.com/2025/02/27/cve-2025-25727cve-2025-257...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2025

JSON