Denial-of-Service Vulnerability in Cognex In-Sight Explorer and In-Sight Camera Firmware
CVE-2025-54860
6.9 MEDIUM
What is CVE-2025-54860?
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 that is used for device management, including firmware upgrades and reboot functions. The service handles login failures improperly, which can lead to a denial-of-service condition that renders the telnet service inaccessible and impacts device manageability. This poses significant risks in environments where uptime and device accessibility are critical.
Affected Version(s)
In-Sight 2000 series 5.x <= 6.5.1
In-Sight 7000 series 5.x <= 6.5.1
In-Sight 8000 series 5.x <= 6.5.1
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Diego Giubertoni of Nozomi Networks reported these vulnerabilities to CISA.