CVE-2025-54816

This vulnerability occurs when a WebSocket endpoint does not enforce proper authentication mechanisms, allowing unauthorized users to establish connections. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system.

CVSS v3 9.4 CRITICAL

9.4^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*

History

02 Feb 2026, 19:56

Type	Values Removed	Values Added
First Time		Evmapa evmapa Evmapa
CPE		cpe:2.3:a:evmapa:evmapa::::::::
References	~~() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json -~~	() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08 - Third Party Advisory, US Government Resource

22 Jan 2026, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-22 23:15

Updated : 2026-02-02 19:56

NVD link : CVE-2025-54816

Mitre link : CVE-2025-54816

CVE.ORG link : CVE-2025-54816

JSON object : View

Products Affected

evmapa

evmapa

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-54816", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.4, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-22T23:15:49.953", "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json", "tags": ["Third Party Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability occurs when a WebSocket endpoint does not enforce \nproper authentication mechanisms, allowing unauthorized users to \nestablish connections. As a result, attackers can exploit this weakness \nto gain unauthorized access to sensitive data or perform unauthorized \nactions. Given that no authentication is required, this can lead to \nprivilege escalation and potentially compromise the security of the \nentire system."}], "lastModified": "2026-02-02T19:56:13.070", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C85ACDB-38D2-4466-9206-529F45F4720E"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}