CVE-2025-5095
Burk Technology · ARC Solo
A vulnerability in the password change mechanism of Burk Technology ARC Solo allows unauthenticated attackers to change passwords and hijack devices.
Executive summary
A critical authentication bypass vulnerability in Burk Technology ARC Solo allows unauthenticated attackers to take full control of the device by changing administrative passwords.
Vulnerability
The device’s password change mechanism lacks proper authentication procedures, permitting an unauthenticated attacker to submit a request that modifies credentials and enables unauthorized administrative access.
Business impact
With a CVSS score of 9.8, this vulnerability poses a severe risk to infrastructure monitoring and control. Unauthorized device takeover could allow an attacker to alter environmental settings, disrupt critical monitoring, or use the device as a pivot point for further lateral movement within the network.
Remediation
Immediate Action: Apply the latest firmware update provided by Burk Technology to enforce proper authentication for password management functions.
Proactive Monitoring: Review device access logs for frequent or unauthorized password change attempts and monitor for anomalous administrative logins.
Compensating Controls: Isolate affected ARC Solo units behind a VPN or firewall to ensure the management interface is not exposed to the public internet.
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
This vulnerability represents a total loss of device integrity. It is imperative to restrict access to the management interface and apply vendor-supplied updates immediately to prevent full device takeover.