CVE-2025-46275 is a vulnerability identified in Planet Technology's WGS-804HPT-V2 and WGS-4215-8T2S devices, which are network switches commonly used in industrial and enterprise environments. The core issue is a missing authentication mechanism for a critical function, specifically the creation of administrator accounts. This lack of authentication means that an attacker can create a new administrator account without needing any existing credentials or prior access. This vulnerability falls under CWE-306, which refers to missing authentication for critical functions, allowing unauthorized users to perform privileged operations. The absence of authentication controls on such a sensitive function severely undermines the security model of the affected devices. Exploiting this vulnerability would enable an attacker to gain full administrative control over the device, potentially allowing them to manipulate network traffic, disable security features, or pivot to other parts of the network. Although no known exploits are currently reported in the wild, the simplicity of the attack vector—no credentials or user interaction required—makes it a significant risk once discovered by malicious actors. The vulnerability affects all versions of the product (indicated by affectedVersions: ["0"]), suggesting it is a fundamental design flaw rather than a patchable bug. The vulnerability was reserved and published in April 2025, with enrichment from ICS-CERT, indicating its relevance to industrial control systems and critical infrastructure environments. No patches or mitigations have been officially released yet, increasing the urgency for organizations to implement compensating controls.

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on Planet Technology's network switches in critical infrastructure sectors such as manufacturing, energy, transportation, and telecommunications. Unauthorized administrative access could lead to full device compromise, enabling attackers to intercept, modify, or disrupt network communications. This could result in operational downtime, data breaches, or sabotage of industrial processes. The integrity and availability of network infrastructure could be severely affected, with potential cascading effects on dependent systems. Confidentiality is also at risk since attackers could monitor or exfiltrate sensitive data traversing the compromised switches. Given the role of these devices in industrial environments, the threat extends beyond IT networks to operational technology (OT) systems, increasing the risk of physical damage or safety incidents. The medium severity rating reflects the significant impact balanced against the current lack of known exploits and the need for physical or network access to the device. However, the ease of exploitation—no authentication or user interaction required—raises the threat level if attackers gain network access. European organizations with limited network segmentation or exposed management interfaces are particularly vulnerable.

Since no official patches are currently available, European organizations should implement immediate compensating controls. First, restrict network access to the management interfaces of affected devices using network segmentation and firewall rules, allowing only trusted administrative hosts to connect. Employ strong access control lists (ACLs) and disable any unnecessary services or remote management protocols on these switches. Monitor network traffic for unusual account creation attempts or administrative activity. Implement strict logging and alerting on device management events to detect potential exploitation attempts early. Where possible, replace or upgrade affected devices with models from vendors that provide robust authentication mechanisms. Additionally, consider deploying network intrusion detection/prevention systems (IDS/IPS) tailored to detect anomalous behavior related to administrative account creation. Conduct regular security audits and penetration tests focusing on device management interfaces. Finally, maintain close communication with Planet Technology for any forthcoming patches or firmware updates addressing this vulnerability.