CVE-2025-28172
CVE-2025-28172 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Grandstream | UCM6510 Firmware | <= 1.0.20.52 |
References
- http://grandstream.com (Product)
- https://gist.github.com/Exek1el/6291185a87c98d4229181212b2bd5cdf (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
