← back
CVE-2025-10285

Simplcity Device Manager exposes NTLMv2 hash

CVSS 7.4 HIGHEPSS 0.2%CWE-200
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
04 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected products
silabs.com · Simplicity Studio V6

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.silabs.com/a45Vm0000003UcfIAE