CVE-2025-6260 Information

Description

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers either on the local area network or from the Internet via a router with port forwarding set up to gain direct access to the thermostat’s embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-02

Related CNNVD

CNNVD-202507-3119 (Published: 2025-07-24)