CVE-2025-34034

5VTechnologies Blue Angel Software Suite Hardcoded Credentials

CVSS 9.3 CRITICALEPSS 0.6%CWE-798

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Jun 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

5VTechnologies · Blue Angel Software Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vulncheck.com/advisories/5vtechnologies-blue-angel-hardcoded-credentials https://www.exploit-db.com/exploits/46792