
CVE-2025-52492: n/a

Severity: High
Published: Mon Jul 07 2025 (07/07/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A vulnerability has been discovered in the firmware of Paxton Paxton10 before 4.6 SR6. The firmware file, rootfs.tar.gz, contains hard-coded credentials for the Twilio API. A remote attacker who obtains a copy of the firmware can extract these credentials. This could allow the attacker to gain unauthorized access to the associated Twilio account, leading to information disclosure, potential service disruption, and unauthorized use of the Twilio services.

AI-Powered Analysis

Last updated: 07/14/2025, 21:16:17 UTC

Technical Analysis

CVE-2025-52492 is a high-severity vulnerability identified in the firmware of Paxton Paxton10 access control systems prior to version 4.6 SR6. The vulnerability arises from the inclusion of hard-coded credentials for the Twilio API within the firmware file rootfs.tar.gz. An attacker who obtains a copy of this firmware can extract these embedded credentials without any authentication or user interaction. With these credentials, the attacker can gain unauthorized access to the associated Twilio account, which is likely used by the Paxton10 system for communication or notification services. This unauthorized access could lead to significant information disclosure, as the attacker may retrieve sensitive data transmitted or stored via Twilio services. Additionally, the attacker could disrupt services by manipulating or disabling Twilio communications, potentially impacting the availability of critical access control notifications or functions. The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials), indicating a fundamental security design flaw. The CVSS v3.1 base score is 7.5, reflecting a network attack vector with low attack complexity, no privileges or user interaction required, and a high impact on confidentiality but no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet, emphasizing the need for proactive mitigation by affected organizations.

Potential Impact

For European organizations using Paxton Paxton10 systems, this vulnerability poses a substantial risk. Access control systems are critical for physical security in corporate, governmental, and industrial environments. Unauthorized access to the Twilio API credentials could allow attackers to intercept or manipulate communications related to access events, alarms, or user notifications, leading to information leakage about personnel movements or security configurations. Furthermore, disruption of Twilio services could impair real-time alerts, delaying incident response and increasing exposure to physical security breaches. The confidentiality breach could also extend to other systems integrated with Twilio, amplifying the impact. Given the widespread use of Paxton10 in European commercial and public sectors, exploitation could undermine trust in physical security infrastructure and cause operational disruptions. The lack of required authentication or user interaction for exploitation increases the threat level, making it feasible for remote attackers to leverage this vulnerability without insider access.

Mitigation Recommendations

European organizations should immediately verify their Paxton10 firmware versions and upgrade to version 4.6 SR6 or later once available. Until patches are released, organizations should restrict access to firmware files and avoid downloading firmware from untrusted sources. Network segmentation should be enforced to isolate Paxton10 devices and limit their communication with external services like Twilio. Organizations should also audit Twilio account activity for suspicious access or usage patterns and rotate API credentials associated with Paxton10 systems. Implementing multi-factor authentication and IP whitelisting on Twilio accounts can reduce the risk of unauthorized access even if credentials are compromised. Monitoring network traffic for anomalous connections to Twilio endpoints and deploying intrusion detection systems tuned for such activity can provide early warnings. Finally, organizations should engage with Paxton support for timely updates and follow vendor advisories closely.
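A defensive check that fits this advisory, added here as an example and not Paxton's or Twilio's code: it unpacks a rootfs.tar.gz in memory and flags strings in the public Twilio credential formats (an Account SID is "AC" plus 32 hex digits; an auth token is 32 hex digits, which the scanner only reports when a token-like key name sits next to it). The sample archive, its file names, the key-name pattern and the credential values are constructed placeholders, not values from the advisory.

```python
import io
import re
import tarfile

# Public Twilio Account SID format: "AC" followed by 32 hex digits.
SID_RE = re.compile(rb"\bAC[0-9a-fA-F]{32}\b")
# A bare 32-hex string is also an MD5 hash, so only report one that sits
# beside an auth-token style key name (the key-name list is an assumption).
TOKEN_RE = re.compile(rb"(?i)(?:auth[_-]?token|twilio[_a-z]*token)\W{0,5}([0-9a-f]{32})\b")

def redact(value: bytes) -> str:
    """Keep only the first and last four characters so reports can be shared safely."""
    s = value.decode()
    return s[:4] + "..." + s[-4:]

def scan_tarball(data: bytes, max_size: int = 2_000_000) -> list[dict]:
    """Return one finding per credential-shaped string in every regular file."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            if not m.isreg() or m.size > max_size:
                continue  # skip dirs, symlinks, devices and oversized blobs
            blob = tar.extractfile(m).read()
            for sid in SID_RE.finditer(blob):
                findings.append({"path": m.name, "kind": "account_sid", "value": redact(sid.group(0))})
            for tok in TOKEN_RE.finditer(blob):
                findings.append({"path": m.name, "kind": "auth_token", "value": redact(tok.group(1))})
    return findings

def build_sample_rootfs() -> bytes:
    """Constructed rootfs.tar.gz for the demo; SID and token are made-up placeholders."""
    files = {
        "etc/notify.conf": b"TWILIO_SID=AC0123456789abcdef0123456789abcdef\n"
                           b"TWILIO_AUTH_TOKEN=fedcba9876543210fedcba9876543210\n",
        # A plain checksum: 32 hex digits with no key name, must not be reported.
        "usr/bin/healthcheck.sh": b"#!/bin/sh\nsha=d41d8cd98f00b204e9800998ecf8427e\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

if __name__ == "__main__":
    for f in scan_tarball(build_sample_rootfs()):
        print(f"{f['path']}: {f['kind']} {f['value']}")
```

Run it against a real firmware image by passing the file's bytes to scan_tarball; any hit in a shipped image is a signal to rotate the Twilio credentials and move them out of the firmware.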


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-17T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 686bea346f40f0eb72ea4427

Added to database: 7/7/2025, 3:39:32 PM

Last enriched: 7/14/2025, 9:16:17 PM

Last updated: 8/11/2025, 9:33:41 PM
