CVE-2025-28235: n/a in n/a
An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext.
AI Analysis
Technical Summary
CVE-2025-28235 is an information disclosure vulnerability affecting the Soundcraft Ui Series digital mixing consoles, specifically the Ui12 and Ui16 models running firmware versions 1.0.7x and 1.0.5x. The vulnerability resides in the /socket.io/1/websocket/ component of the device's firmware. Due to improper handling of sensitive data within this WebSocket endpoint, an unauthenticated remote attacker can access Administrator credentials in plaintext. This flaw allows attackers to retrieve highly sensitive authentication information without requiring any prior authentication or user interaction.

The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity level, with an attack vector classified as network-based (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact is limited to confidentiality (C:H), with no direct impact on integrity or availability. The vulnerability is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

No patches or mitigations have been officially released at the time of this report, and no known exploits are currently observed in the wild. However, given the nature of the exposed credentials, successful exploitation could lead to unauthorized administrative access to the affected devices, potentially allowing further malicious activities such as configuration changes, interception of audio streams, or pivoting within the network environment where these devices are deployed.
Potential Impact
For European organizations, especially those in the media, entertainment, live event production, and broadcasting sectors, this vulnerability poses a significant risk. Soundcraft Ui Series consoles are widely used in professional audio environments, including concert venues, theaters, conference centers, and broadcast studios. Unauthorized access to administrator credentials could lead to compromise of audio control systems, disruption of live events, or unauthorized surveillance through audio streams. Additionally, these devices often reside within corporate or institutional networks, so attackers gaining administrative access could use them as footholds for lateral movement or data exfiltration. The confidentiality breach of administrator credentials undermines trust in the security of critical audio infrastructure and could result in reputational damage, operational disruptions, and financial losses. Given the network-exposed nature of the vulnerability and lack of required authentication, attackers can exploit this remotely, increasing the risk for organizations with internet-facing or poorly segmented audio equipment networks.
Mitigation Recommendations
1. Network Segmentation: Immediately isolate Soundcraft Ui12 and Ui16 devices from public internet access and restrict their network exposure to trusted internal segments only.
2. Access Controls: Implement strict firewall rules to limit access to the /socket.io/1/websocket/ endpoint to authorized management workstations or VLANs.
3. Monitoring and Logging: Enable detailed logging on network devices and monitor for unusual access patterns to the affected WebSocket endpoint, including repeated or anomalous connection attempts.
4. Credential Rotation: Proactively change administrator credentials on all affected devices to strong, unique passwords to limit the window of exposure.
5. Vendor Engagement: Engage with the device vendor or authorized support channels to obtain firmware updates or patches as soon as they become available.
6. Temporary Workarounds: If possible, disable or restrict the WebSocket service or the vulnerable endpoint until a patch is released.
7. Incident Response Preparedness: Prepare to respond to potential compromise scenarios involving these devices, including forensic analysis and network containment procedures.
8. Physical Security: Ensure physical access to the devices is controlled to prevent local exploitation or tampering.
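One way to implement the monitoring in items 2 and 3, as an added example that is not part of the original advisory: it scans access logs from a proxy or firewall in front of the mixer and reports sources outside the management VLAN that reached the affected endpoint. The Common Log Format input, the 10.20.30.0/24 management subnet, the repeat threshold and all sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Endpoint path named in the advisory; everything else here is an assumption.
WATCHED_PREFIX = "/socket.io/1/websocket/"
# Hypothetical management VLAN allowed to reach the mixer's control interface.
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/24")]
REPEAT_THRESHOLD = 3  # hits from one source that count as "repeated attempts"

# Common Log Format: src ident user [time] "METHOD path PROTO" status size
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3} \S+')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
10.20.30.15 - - [21/May/2025:09:01:02 +0000] "GET /socket.io/1/websocket/SESSION-A HTTP/1.1" 101 0
198.51.100.7 - - [21/May/2025:09:03:10 +0000] "GET /socket.io/1/websocket/SESSION-B HTTP/1.1" 101 0
198.51.100.7 - - [21/May/2025:09:03:11 +0000] "GET /socket.io/1/websocket/SESSION-C HTTP/1.1" 101 0
192.168.1.50 - - [21/May/2025:09:03:30 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [21/May/2025:09:03:12 +0000] "GET /socket.io/1/websocket/SESSION-D HTTP/1.1" 101 0
truncated line that does not parse
203.0.113.44 - - [21/May/2025:09:07:45 +0000] "GET /socket.io/1/websocket/SESSION-E HTTP/1.1" 101 0
"""

def is_management(src):
    """True only if src parses as an IP inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never treated as trusted
    return any(addr in net for net in MGMT_NETS)

def find_unexpected_access(log_text):
    """Return per-source findings for watched-endpoint hits from outside MGMT_NETS."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m or not m["path"].startswith(WATCHED_PREFIX):
            continue  # unparseable line or unrelated request
        if is_management(m["src"]):
            continue  # expected traffic from an authorized workstation
        hits[m["src"]] += 1
    return [{"src": s, "count": n, "repeated": n >= REPEAT_THRESHOLD}
            for s, n in sorted(hits.items())]

if __name__ == "__main__":
    for finding in find_unexpected_access(SAMPLE_LOG):
        print(finding)
```

Any finding for a device that was reachable from the reported source is a reason to rotate its administrator credentials (item 4), since the advisory states the endpoint discloses them without authentication.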
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Sweden, Switzerland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d984ac4522896dcbf7536
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 1:22:21 PM
Last updated: 8/17/2025, 4:29:30 PM