CVE-2025-2185: ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration

8.0 CVSS

Description

ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which
could permit an attacker to transmit passwords over unencrypted
connections, resulting in the product becoming vulnerable to
interception.

Classification

CVE ID: CVE-2025-2185

CVSS Base Severity: HIGH

CVSS Base Score: 8.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-613 Insufficient Session Expiration

Affected Products

Vendor: ALBEDO Telecom

Product: Net.Time - PTP/NTP clock (Serial No. NBC0081P)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 9.43% (scored less or equal to compared to others)

EPSS Date: 2025-05-15 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2185
https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02
https://www.albedotelecom.com/contactus.php

Timeline

2025-04-25 00:40:19 UTC
CVE

ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration