Information Disclosure Vulnerability in Soundcraft Ui Series Products
CVE-2025-28235

7.5HIGH

Key Information:

Vendor: Soundcraft
Status: Ui Series
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-28235?

The identified vulnerability in the Soundcraft Ui Series, specifically within the /socket.io/1/websocket/ component, exposes sensitive administrator credentials in plaintext. This flaw affects both the Ui12 and Ui16 models across specific firmware versions, posing a significant risk as it allows unauthorized users to access sensitive system information, making effective mitigation and prompt updates essential for securing users' data.

References

https://github.com/shiky8/my--cve-vulnerability-research/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2025