CVE-2025-3925: BrightSign Players Execution with Unnecessary Privileges

7.8 CVSS

Description

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or
series 5 prior to v9.0.166 contain an execution with unnecessary
privileges vulnerability, allowing for privilege escalation on the
device once code execution has been obtained.

Classification

CVE ID: CVE-2025-3925

CVSS Base Severity: HIGH

CVSS Base Score: 7.8

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-250

Affected Products

Vendor: BrightSign

Product: BrightSign OS series 4 players, BrightSign OS series 5 players

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.48% (scored less or equal to compared to others)

EPSS Date: 2025-05-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3925
https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-03
https://www.brightsign.biz/resources/software-downloads/

Timeline

2025-05-06 16:00:40 UTC
All CISA Advisories

BrightSign Players
2025-05-07 21:40:14 UTC
CVE

BrightSign Players Execution with Unnecessary Privileges