CVE-2025-10285: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in silabs.com Simplicity Studio V6
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
AI Analysis
Technical Summary
CVE-2025-10285 is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and affects the web interface of the Simplicity Device Manager shipped with Silicon Labs Simplicity Studio V6. The interface is reachable from the network rather than being confined to the local host, and a remote party can use it to obtain the NTLMv2 response of the logged-on Windows user. What leaks is a challenge-response value (commonly called a Net-NTLMv2 hash), not the NT hash stored on the domain controller: it cannot be replayed as a pass-the-hash credential, but because it is an HMAC-MD5 keyed by a value derived from the user's NT hash over a challenge the attacker already knows, password candidates can be tested offline at high speed and a weak domain password recovered in plaintext. The CVSS 4.0 vector reported for the issue is network-reachable, low-complexity and needs no prior privileges, but it does require user interaction, so a realistic attack pairs a lure (a link, a document, a phishing message) with a request to the exposed interface. Confidentiality is affected by the disclosure of the credential material and, once a password is cracked, integrity is affected by the resulting unauthorized access; availability is not directly affected. No vendor patch or official mitigation was listed when this entry was published and no in-the-wild exploitation had been reported. The CVSS 4.0 base score of 7.4 (High) reflects that a cracked developer credential is a foothold for broader domain compromise, which makes the issue relevant to any organization that installs Silicon Labs development tools on domain-joined workstations.
Potential Impact
For European organizations, the risk is to the confidentiality and integrity of domain credentials. An attacker who cracks a captured NTLMv2 response holds a valid domain password and can use it for lateral movement, privilege escalation and data exfiltration. Organizations doing embedded, IoT and electronics development with Simplicity Studio V6 are the ones exposed, since the Device Manager runs on their developer workstations. Compromise of a developer's domain account can expose source code and other intellectual property, disrupt development workflows and, where personal data is reached, trigger breach obligations under GDPR. Because the web interface is reachable from the network, the attack surface is larger than a locally bound tool would present, and the absence of a vendor patch at publication time makes compensating controls the only immediate option. The impact can extend to partners and supply chains that exchange firmware or designs with affected organizations.
Mitigation Recommendations
1. Restrict access to the Simplicity Device Manager web interface: bind it to the loopback address if the tool offers that setting, and otherwise use host firewall rules and network segmentation so that only trusted internal addresses can reach it. If the leak depends on the host authenticating outbound to an attacker-controlled server, which is how Net-NTLMv2 responses usually reach an attacker, also block outbound SMB (TCP 445) to untrusted networks and consider the Windows policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
2. Shut down or uninstall any instance that is reachable from outside the workstation until a fix is available; a developer's Device Manager rarely needs to be reached from another host.
3. Enforce long, strong passwords for domain accounts. The captured value is cracked offline, so password strength is the only control that acts on that step and account lockout does not apply. MFA does not protect NTLM authentication itself, but it limits what a cracked password is worth on services that enforce it.
4. Monitor authentication logs: on domain controllers watch event 4776 (NTLM credential validation) and on member servers event 4624 with logon type 3 and authentication package NTLM, looking for logons from unexpected source addresses or workstation names; bursts of 4625 failures against one account suggest an attacker testing cracked or guessed passwords online. At the network edge, alert on SMB or NTLM-over-HTTP sessions from workstations to external hosts.
5. Educate users on phishing and social engineering, since exploitation requires the user to take an action that triggers the exposure.
6. Track Silicon Labs advisories for a patched Simplicity Studio release and plan to deploy it promptly once available.
7. Include exposed development tools and their local web interfaces in regular security assessments and penetration tests.
8. Where IDS/IPS is deployed, tune it for NTLM credential-capture and brute-force patterns.
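The check behind the monitoring step, written here as an added Python example over constructed Windows Security events (not tooling from this page or from Silicon Labs): parse 4624 logon events in the XML shape that Get-WinEvent or wevtutil exports from a member server or domain controller, keep network logons (LogonType 3) that used the NTLM package, and flag those whose source address is outside an assumed trusted range. The trusted range, the account names and the source addresses are assumptions for the demo.

```python
"""Added example, not tooling from this advisory or from Silicon Labs: flag NTLM network
logons from unexpected sources in Windows Security event 4624 data. The events, the account
names and the trusted address range below are constructed for the demo."""
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, Iterable, List, Tuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TRUSTED_NETS = ["10.20.30.0/24"]  # ASSUMPTION: internal ranges that legitimately use NTLM (CI, file servers)


def _event_xml(user: str, domain: str, source: str, workstation: str,
               auth: str = "NTLM", lm: str = "NTLM V2", logon_type: str = "3") -> str:
    """Minimal 4624 body in the shape Get-WinEvent / wevtutil export; only the fields used here."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><TimeCreated SystemTime="2025-12-05T09:14:02.000Z"/></System>
  <EventData>
    <Data Name="TargetUserName">{user}</Data><Data Name="TargetDomainName">{domain}</Data>
    <Data Name="LogonType">{logon_type}</Data><Data Name="AuthenticationPackageName">{auth}</Data>
    <Data Name="LmPackageName">{lm}</Data><Data Name="WorkstationName">{workstation}</Data>
    <Data Name="IpAddress">{source}</Data>
  </EventData>
</Event>"""


SAMPLE_EVENTS = [                                                # constructed, not real telemetry
    _event_xml("svc-build", "CORP", "10.20.30.40", "BUILD01"),   # NTLMv2 from the CI host: expected
    _event_xml("jdoe", "CORP", "203.0.113.7", "ATTACKER"),       # NTLMv2 from outside: suspicious
    _event_xml("jdoe", "CORP", "10.20.30.41", "WS-JDOE", auth="Kerberos", lm="-"),  # normal Kerberos logon
    _event_xml("jdoe", "CORP", "203.0.113.7", "ATTACKER"),       # second hit from the same source
    _event_xml("jdoe", "CORP", "-", "WS-JDOE", logon_type="2"),  # interactive logon, no source address
]


def parse_4624(xml_text: str) -> Dict[str, str]:
    """Flatten the EventData Name/value pairs, plus the EventID, into a dict."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name", ""): (d.text or "") for d in root.iterfind("e:EventData/e:Data", namespaces=NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", default="", namespaces=NS)
    return fields


def is_suspicious_ntlm_logon(ev: Dict[str, str], trusted: list) -> bool:
    """Network logon (type 3) that authenticated with NTLM from a source outside the trusted ranges.
    Kerberos is the norm on a domain, so NTLM itself is the first signal and the source address the
    second. Unparsable sources are flagged rather than silently dropped."""
    if ev.get("EventID") != "4624" or ev.get("LogonType") != "3":
        return False
    if ev.get("AuthenticationPackageName") != "NTLM":
        return False
    src = ev.get("IpAddress", "-")
    if src in ("-", "127.0.0.1", "::1"):
        return False
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(addr in net for net in trusted)


def hunt(events: Iterable[str], trusted_nets: Iterable[str] = TRUSTED_NETS
         ) -> Tuple[List[Dict[str, str]], Counter]:
    """Return the suspicious events and a count per (source, account) so bursts stand out."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = [ev for ev in (parse_4624(x) for x in events) if is_suspicious_ntlm_logon(ev, nets)]
    per_source = Counter((ev["IpAddress"], f"{ev['TargetDomainName']}\\{ev['TargetUserName']}") for ev in hits)
    return hits, per_source


if __name__ == "__main__":
    found, per_source = hunt(SAMPLE_EVENTS)
    for (src, account), n in per_source.most_common():
        print(f"{n:3d} NTLM network logon(s) for {account} from {src}")
```

In production the event source would be a SIEM or Get-WinEvent export rather than the inline list, and the trusted ranges would come from an allow-list of hosts known to authenticate with NTLM; everything else in the logic stays the same.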
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Silabs
- Date Reserved: 2025-09-11T16:29:00.831Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693206ca2bd9ee5f78fbc0e0
Added to database: 12/4/2025, 10:10:18 PM
Last enriched: 12/4/2025, 10:22:17 PM
Last updated: 12/5/2025, 12:29:08 AM
Related Threats
- CVE-2025-14052: Improper Access Controls in youlaitech youlai-mall (Medium)
- CVE-2025-13373: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Advantech iView (High)
- CVE-2025-66564: CWE-405 Asymmetric Resource Consumption (Amplification) in sigstore timestamp-authority (High)
- CVE-2025-66559: CWE-129 Improper Validation of Array Index in taikoxyz taiko-mono (High)
- CVE-2025-66563: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in monkeytypegame monkeytype (High)