CVE-2025-5485 HIGH

CVE-2025-5485: SinoTrack GPS Receiver Weak Authentication

Vendor Sinotrack
Product IOT PC Platform
Weakness CWE-204
Published June 12, 2025
Last update June 12, 2025

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequences.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
June 12, 2025 Record updated