The CS5000 Fire Panel is vulnerable due to a default account that exists
on the panel. Even though it is possible to change this by SSHing into
the device, it has remained unchanged on every installed system
observed. This account is not root but holds high-level permissions that
could severely impact the device's operation if exploited.
CVE ID: CVE-2025-41438
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor: Consilium Safety
Product: CS5000 Fire Panel
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 13.03% (share of scored vulnerabilities with an EPSS score less than or equal to this one)
EPSS Date: 2025-05-30 (date this score was calculated)