
CVE-2025-52492: n/a

High
Published: Mon Jul 07 2025 (07/07/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain unauthorized access to the associated Twilio account, leading to information disclosure, potential service disruption, and unauthorized use of the Twilio services.

AI-Powered Analysis

Last updated: 07/07/2025, 15:54:29 UTC

Technical Analysis

CVE-2025-52492 is a firmware vulnerability identified in Paxton Paxton10 access control systems, specifically in versions prior to 4.6 SR6. The vulnerability arises from the inclusion of hard-coded credentials for the Twilio API within the firmware file rootfs.tar.gz. An attacker who obtains this firmware image can extract these embedded credentials, granting unauthorized access to the associated Twilio account. Twilio is a cloud communications platform often used for SMS, voice, and other communication services integrated into security and access control systems. Exploitation of this vulnerability could allow an attacker to perform unauthorized actions via the Twilio API, including intercepting or sending messages, disrupting communication services, or accessing sensitive information linked to the Twilio account. Since the credentials are hard-coded and embedded in the firmware, the vulnerability does not require direct access to the device itself but only to the firmware file, which may be obtained through various means such as firmware leaks, downloads, or reverse engineering. This vulnerability does not have a CVSS score assigned yet, and no known exploits are reported in the wild as of the publication date. However, the risk remains significant due to the potential for unauthorized access to communication channels critical for security operations.

Potential Impact

For European organizations using Paxton Paxton10 systems, this vulnerability poses a considerable risk to the confidentiality and integrity of their security communications. Unauthorized access to the Twilio API could lead to interception or manipulation of authentication messages, alerts, or other communications essential for physical access control and security monitoring. This could result in unauthorized physical access, information disclosure, and disruption of security services. Additionally, misuse of the Twilio account could incur financial costs or damage organizational reputation. Given that Paxton systems are widely used in commercial buildings, educational institutions, and government facilities across Europe, the impact could be broad, affecting critical infrastructure and sensitive environments. The disruption or compromise of communication services could also hinder incident response and operational continuity. Organizations relying on these systems must consider the potential cascading effects on their overall security posture.

Mitigation Recommendations

Organizations should prioritize updating Paxton Paxton10 firmware to version 4.6 SR6 or later, where this vulnerability is addressed. If immediate patching is not feasible, organizations should restrict access to firmware files and monitor for unauthorized downloads or leaks. Additionally, organizations should audit their Twilio accounts associated with Paxton systems for any suspicious activity and consider rotating API credentials to invalidate any potentially compromised keys. Implementing network segmentation to isolate access control systems and their communication channels can limit the impact of compromised credentials. Enabling multi-factor authentication and strict access controls on Twilio accounts will further reduce the risk of unauthorized use. Regularly reviewing and monitoring logs for anomalous API usage patterns is also recommended. Finally, organizations should engage with Paxton support and their security teams to ensure comprehensive remediation and incident response plans are in place.
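The root cause described in the technical analysis (Twilio API credentials shipped inside rootfs.tar.gz) and the remediation step of confirming that an updated image no longer carries them can both be checked with a firmware pre-release gate. The following is an added example, not Paxton's or Twilio's code: it walks every regular file in a gzip'd tar image and flags strings shaped like a Twilio Account SID (AC followed by 32 hex characters) or a 32-hex-character value sitting next to a token-like key name; the key-name heuristic and the sample tarball are the example's own constructions, and findings are redacted so the report never reproduces a secret.

```python
import io
import re
import tarfile

# Twilio Account SIDs are "AC" + 32 hex chars; auth tokens are 32 hex chars.
# The token pattern requires a nearby key name so ordinary hashes are not flagged
# (heuristic chosen for this example, not a Twilio-specified format).
PATTERNS = {
    "twilio_account_sid": re.compile(rb"\bAC[0-9a-fA-F]{32}\b"),
    "twilio_auth_token": re.compile(
        rb"(?i)(?:auth[_-]?token|twilio[_-]?token)\W{0,5}([0-9a-fA-F]{32})\b"),
}

def redact(secret: bytes) -> str:
    """Keep enough to locate the finding without reproducing the secret."""
    s = secret.decode("ascii", "replace")
    return s[:4] + "..." + s[-2:]

def scan_rootfs(tar_bytes: bytes, max_file_size: int = 4 * 1024 * 1024) -> list:
    """Return (member_path, pattern_name, redacted_match) for every hit in a
    gzip'd tar such as rootfs.tar.gz; devices, links and huge blobs are skipped."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or member.size > max_file_size:
                continue
            data = tar.extractfile(member).read()
            for name, pat in PATTERNS.items():
                for m in pat.finditer(data):
                    secret = m.group(1) if m.groups() else m.group(0)
                    findings.append((member.name, name, redact(secret)))
    return findings

def build_sample_rootfs() -> bytes:
    """Constructed image: one config embedding made-up Twilio-shaped values
    (not real credentials) and one benign file containing a plain hash."""
    files = {
        "etc/app/sms.conf": b"TWILIO_ACCOUNT_SID=AC" + b"0123456789abcdef" * 2
                            + b"\nTWILIO_AUTH_TOKEN=" + b"fedcba98" * 4 + b"\n",
        "usr/share/doc/readme": b"no secrets here, just a sha256 " + b"ab" * 32 + b"\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

if __name__ == "__main__":
    for path, kind, hint in scan_rootfs(build_sample_rootfs()):
        print(f"{path}: {kind} ({hint})")
```

Run against a real image the gate should fail the build on any finding; a zero-finding run on the updated firmware is the evidence that the rotation and rebuild actually removed the embedded credentials.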


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-17T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 686bea346f40f0eb72ea4427

Added to database: 7/7/2025, 3:39:32 PM

Last enriched: 7/7/2025, 3:54:29 PM

Last updated: 7/7/2025, 4:55:17 PM
