CVE-2025-3925 HIGH

CVE-2025-3925: BrightSign Players Execution with Unnecessary Privileges

Vendor Brightsign
Product BrightSign OS series 4 players
Weakness CWE-250
Published May 7, 2025
Last update May 8, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.

Key dates

02Disclosure timeline

May 7, 2025 CVE published
May 8, 2025 Record updated