Access Control Flaw in BW Broadcast Hardware Models
CVE-2025-28233

9.1CRITICAL

Key Information:

Vendor: BW Broadcast
Status: TX600, TX300, TX150, TX1000, TX30, TX50
Vendor: CVE Published:; 18 April 2025

🔔 Create BW Broadcast Vulnerability Alert

What is CVE-2025-28233?

A security vulnerability in select BW Broadcast hardware models allows unauthorized users to access sensitive log files. This issue arises from improper access control, enabling attackers to extract session identifiers. Such information may be exploited to execute session hijacking attacks, compromising user sessions and potentially leading to unauthorized access to critical system functionalities. Users of affected hardware versions are advised to assess their security protocols and implement necessary updates to mitigate risk.

References

https://github.com/shiky8/my--cve-vulnerability-research/...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025