CVE-2025-54305

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user with local access to the server may bypass authentication.
Configurations

Configuration 1

cpe:2.3:a:thermofisher:torrent_suite_software:5.18.1:*:*:*:*:*:*:*

History

16 Dec 2025, 18:50

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time | | Thermofisher; Thermofisher torrent Suite Software |
| CPE | | cpe:2.3:a:thermofisher:torrent_suite_software:5.18.1:*:*:*:*:*:*:* |
| References | https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0026163-Torrent-Suite-5.18-UG.pdf | https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0026163-Torrent-Suite-5.18-UG.pdf - Product, Release Notes |
| References | https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf | https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf - Vendor Advisory |
| References | https://www.thermofisher.com/us/en/home/life-science/sequencing/next-generation-sequencing/ion-torrent-next-generation-sequencing-workflow/ion-torrent-next-generation-sequencing-data-analysis-workflow/ion-torrent-suite-software.html | https://www.thermofisher.com/us/en/home/life-science/sequencing/next-generation-sequencing/ion-torrent-next-generation-sequencing-workflow/ion-torrent-next-generation-sequencing-data-analysis-workflow/ion-torrent-suite-software.html - Product |

05 Dec 2025, 20:15

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.8 |
| CWE | | CWE-290 |

04 Dec 2025, 15:15

| Type | Values Removed | Values Added |
| --- | --- | --- |
| New CVE | | |

Information

Published : 2025-12-04 15:15

Updated : 2025-12-16 18:50


NVD link : CVE-2025-54305

Mitre link : CVE-2025-54305

CVE.ORG link : CVE-2025-54305


Products Affected

thermofisher

  • torrent_suite_software
CWE
CWE-290

Authentication Bypass by Spoofing