CVE 9.3 CRITICAL

SenseLive X3050 Missing authentication for critical function_CVE-2026-25775

April 23, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

AI Analysis

Missing authentication for critical function in SenseLive X3050’s remote management service

Basic Information

ID CVE-2026-25775

Source icscert

Published Apr 24, 2026 at 00:06

Affected Product

Vendor SenseLive

Product X3050

Version V1.523

Affected Versions SenseLive X3050 V1.523

CWE Classification

CWE-306

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SenseLive

Product X3050

Version V1.523

References

{
    "lastseen": "",
    "description": "A vulnerability in\u00a0SenseLive\u00a0X3050\u2019s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.",
    "published": "2026-04-24T00:06:16.965Z",
    "modified": "2026-04-24T00:06:16.965Z",
    "type": "cve",
    "title": "SenseLive X3050 Missing authentication for critical function",
    "source": "icscert",
    "references": "https://senselive.io/contact\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json",
    "id": "CVE-2026-25775",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SenseLive X3050 V1.523",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "X3050",
    "version": "V1.523",
    "vendor": "SenseLive",
    "ai_description": "Missing authentication for critical function in SenseLive X3050\u2019s remote management service",
    "ai_severity": "Critical",
    "ai_vendor": "SenseLive",
    "ai_product": "X3050",
    "ai_version": "V1.523",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply