CVE-2025-26409

CVE-2025-26409: Access to Bootloader and Shell Over Serial Interface

Vendor Wattsense
Product Wattsense Bridge
Weakness CWE-1299
Published February 11, 2025
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in recent firmware versions BSP >= 6.4.1.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
November 3, 2025 Record updated