CVE-2025-34034

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials	Third Party Advisory
https://www.exploit-db.com/exploits/46792	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/46792	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*

History

09 Jul 2025, 19:09

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-24 01:15

Updated : 2025-07-09 19:09

NVD link : CVE-2025-34034

Mitre link : CVE-2025-34034

CVE.ORG link : CVE-2025-34034

JSON object : View

Products Affected

5vtechnologies

blue_angel_software_suite

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-34034", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-24T01:15:24.630", "references": [{"url": "https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46792", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46792", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device\u2019s web interface."}, {"lang": "es", "value": "Existe una vulnerabilidad de credenciales codificada en Blue Angel Software Suite, implementada en sistemas Linux incorporados. La aplicaci\u00f3n contiene varias cuentas de usuario predeterminadas y codificadas que no se divulgan en la documentaci\u00f3n p\u00fablica. Estas cuentas permiten a atacantes no autenticados o con pocos privilegios obtener acceso administrativo a la interfaz web del dispositivo. "}], "lastModified": "2025-07-09T19:09:03.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:5vtechnologies:blue_angel_software_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0B3E12A-6F24-467A-9B8F-A1DB04C7BB18"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}