Physical Access Vulnerability in Wattsense Bridge Devices
CVE-2025-26409

6.8MEDIUM

Key Information:

Vendor: Wattsense
Status: Wattsense Bridge
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-26409?

A vulnerability exists in the Wattsense Bridge devices that allows unauthorized physical access to the serial interface on the PCB. This enables a person with physical access to connect to the interface, gaining entry to the bootloader and a Linux login prompt. Exploiting this access can result in a root shell on the device, posing significant security risks. Wattsense has addressed this issue in firmware versions BSP 6.4.1 and above, highlighting the importance of keeping devices updated to protect against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Wattsense Bridge 0 < 6.4.1

References

https://r.sec-consult.com/wattsense

third-party-advisory

https://support.wattsense.com/hc/en-150/articles/13366066...

release-notes

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 10, 2025

Credit

Constantin Schieber-Knöbl | SEC Consult Vulnerability Lab

Stefan Schweighofer | SEC Consult Vulnerability Lab

Steffen Robertz | SEC Consult Vulnerability Lab

JSON

Wattsense

What is CVE-2025-26409?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.