Weak Authentication Vulnerability in OpenC3 COSMOS by OpenC3
CVE-2025-28389

9.8CRITICAL

Key Information:

Vendor: OpenC3
Status: COSMOS
Vendor: CVE Published:; 13 June 2025

What is CVE-2025-28389?

OpenC3 COSMOS version 6.0.0 is plagued by weak password requirements that expose users to authentication bypass risks. This vulnerability allows attackers to carry out brute force attacks, potentially granting unauthorized access to sensitive systems. It underscores the necessity for robust password policies and user authentication mechanisms to safeguard against intrusions.

References

https://openc3.com/

https://visionspace.com/openc3-cosmos-a-security-assessme...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2025
Vulnerability Reserved
Mar 11, 2025

CVE-2025-28389 Data

JSON