CVE-2025-10285: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in silabs.com Simplicity Studio V6
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
AI Analysis
Technical Summary
CVE-2025-10285 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the Silicon Labs Simplicity Studio V6 product, specifically its Simplicity Device Manager web interface. The issue arises because the web interface is publicly accessible without sufficient access controls, allowing attackers to extract NTLMv2 hashes used for authenticating domain users. NTLMv2 hashes, if obtained, can be subjected to offline cracking attempts to reveal plaintext passwords, potentially compromising user accounts and domain security. The vulnerability has a CVSS 4.0 base score of 7.4, indicating high severity. The vector metrics indicate the attack requires adjacent network access (AV:A), low attack complexity (AC:L) and no privileges (PR:N), but depends on passive user interaction (UI:P). The vulnerability impacts confidentiality and integrity highly but does not affect availability. No patches or known exploits are currently available, but the exposure of NTLMv2 hashes poses a significant risk if exploited. The vulnerability was reserved in September 2025 and published in December 2025. The affected versions are not explicitly detailed beyond version 0, suggesting early or initial releases may be impacted. The technical risk lies in the potential for attackers to leverage the exposed hashes to escalate privileges or move laterally within a network environment.
Potential Impact
For European organizations, the impact of CVE-2025-10285 can be significant, particularly for those relying on Silicon Labs Simplicity Studio V6 for device management and development of embedded or IoT systems. Exposure of NTLMv2 hashes can lead to credential compromise, enabling attackers to gain unauthorized access to domain resources, escalate privileges, and potentially conduct further attacks such as data exfiltration or ransomware deployment. This is especially critical in sectors with sensitive intellectual property or critical infrastructure, including manufacturing, automotive, and telecommunications industries prevalent in Europe. The public exposure of the web interface increases the attack surface, making remote exploitation feasible without prior authentication. The compromise of domain credentials can undermine trust boundaries within corporate networks, leading to widespread security breaches. Additionally, the lack of available patches increases the window of vulnerability, necessitating immediate compensating controls. The vulnerability could also affect supply chain security if exploited against vendors or partners using the affected software.
Mitigation Recommendations
To mitigate CVE-2025-10285, organizations should immediately restrict access to the Simplicity Device Manager web interface by implementing network segmentation and firewall rules to limit exposure only to trusted internal networks or VPN users. Employ strong authentication mechanisms such as multi-factor authentication (MFA) where possible to reduce the risk of credential misuse. Monitor network traffic and authentication logs for unusual NTLM authentication attempts or repeated failed logins that may indicate hash extraction or cracking activities. Enforce strong password policies and consider implementing account lockout policies to hinder online brute-force attempts; note that lockout does not slow offline cracking of a captured NTLMv2 hash, so password length and complexity remain the controlling factor there. Until an official patch is released, consider disabling the web interface if it is not essential or replacing it with alternative management tools. Regularly update and audit software versions and configurations to detect unauthorized changes. Conduct employee awareness training on phishing and social engineering to reduce the likelihood of user interaction that facilitates exploitation. Finally, prepare incident response plans specifically addressing credential compromise scenarios.
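The log-monitoring recommendation above can be turned into a concrete check. The following is an added example, not code from the original page or from Silicon Labs: it triages a handful of constructed records shaped like Windows Security logon events (4624 for successful logons, 4625 for failures, with the AuthenticationPackageName, LmPackageName, LogonType, TargetUserName and IpAddress fields those events carry) and flags two of the things a defender would want to see after an NTLMv2 hash exposure: successful NTLMv2 network logons from outside trusted address ranges (a cracked domain password being used from an untrusted host) and bursts of failed NTLM logons from one source (online guessing). The trusted ranges and the burst threshold are assumptions; the sample events are constructed, not real log data.

```python
"""Triage constructed Windows Security logon events for NTLMv2 misuse.

Added example, not code from the original page or from Silicon Labs.
Field names mirror Windows Security log events 4624 (logon) and 4625
(failed logon); the trusted ranges and threshold are assumptions.
"""
import ipaddress
from collections import Counter

# Assumption: ranges an organisation treats as trusted internal/VPN space.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Assumption: how many failures from one source count as a burst.
FAIL_THRESHOLD = 5


def is_trusted(ip_text):
    """True when the address parses and lies inside a trusted range.

    Unparseable values (e.g. "-") are treated as untrusted so they surface.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


def untrusted_ntlmv2_logons(events):
    """Successful NTLMv2 network logons (4624, type 3) from outside trusted ranges.

    A cracked domain password used from an untrusted host shows up here;
    Kerberos logons and trusted sources are ignored.
    """
    hits = []
    for e in events:
        if (e.get("EventID") == 4624 and e.get("LogonType") == 3
                and e.get("AuthenticationPackageName") == "NTLM"
                and e.get("LmPackageName") == "NTLM V2"
                and not is_trusted(e.get("IpAddress", "-"))):
            hits.append((e["TargetUserName"], e["IpAddress"]))
    return hits


def failure_bursts(events, threshold=FAIL_THRESHOLD):
    """Source addresses with at least `threshold` failed NTLM logons (4625)."""
    counts = Counter(
        e.get("IpAddress", "-")
        for e in events
        if e.get("EventID") == 4625 and e.get("AuthenticationPackageName") == "NTLM"
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


def triage(events):
    """Combine both checks into one report dictionary."""
    return {
        "untrusted_ntlmv2_logons": untrusted_ntlmv2_logons(events),
        "failure_bursts": failure_bursts(events),
    }


def _ev(event_id, pkg, lm, user, ip):
    """Build one constructed event record (not real log data)."""
    return {"EventID": event_id, "LogonType": 3, "AuthenticationPackageName": pkg,
            "LmPackageName": lm, "TargetUserName": user, "IpAddress": ip}


# Constructed sample events: one normal internal logon, one NTLMv2 logon
# from an external address, one Kerberos logon, and six failures from one host.
SAMPLE_EVENTS = [
    _ev(4624, "NTLM", "NTLM V2", "alice", "10.1.2.3"),
    _ev(4624, "NTLM", "NTLM V2", "alice", "203.0.113.7"),
    _ev(4624, "Kerberos", "-", "bob", "203.0.113.7"),
] + [_ev(4625, "NTLM", "-", "alice", "203.0.113.9") for _ in range(6)]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(key, value)
```

Run it as-is to see the two findings on the constructed events; in practice the records would be fed from a SIEM export or Windows event forwarding, and the trusted ranges would be the organisation's own internal and VPN space. Note that this covers the authentication-log side of the recommendation only: the initial hash capture happens against a host the attacker controls and leaves no 4624 on the domain, so outbound NTLM authentication to unexpected hosts is a network-monitoring question.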
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Silabs
- Date Reserved: 2025-09-11T16:29:00.831Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693206ca2bd9ee5f78fbc0e0
Added to database: 12/4/2025, 10:10:18 PM
Last enriched: 12/12/2025, 12:09:48 AM
Last updated: 1/19/2026, 8:00:43 AM