Default Account Vulnerability in CS5000 Fire Panel by Consilium Safety
CVE-2025-41438

9.3CRITICAL

Key Information:

Vendor: Consilium Safety
Status: Cs5000 Fire Panel
Vendor: CVE Published:; 30 May 2025

🔔 Create Consilium Safety Vulnerability Alert

What is CVE-2025-41438?

The CS5000 Fire Panel is at risk due to a default account that has not been changed in deployed systems. Despite the ability to alter this account through SSH access, the default credentials remain intact, presenting a significant security concern. This account, while not root, possesses elevated permissions that could lead to severe operational disruptions if exploited by malicious actors.

Affected Version(s)

CS5000 Fire Panel All versions

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

https://www.consiliumsafety.com/en/support/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025