CVE-2025-28388
- Source
- https://cve.org/CVERecord?id=CVE-2025-28388
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28388.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-28388
- Published
- 2025-06-13T14:15:20.883Z
- Modified
- 2026-04-10T05:24:25.458632Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
- References
-
- https://github.com/OpenC3/cosmos/pull/1816/commits/195974a019f375f7c5a35f48e4151babb40649ac
- https://github.com/OpenC3/cosmos/releases/tag/v6.0.2
- https://openc3.com/
- https://github.com/OpenC3/cosmos/pull/1816
- https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/
Affected packages
Git / github.com/openc3/cosmos
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openc3/cosmos
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.0.0" }, { "introduced": "0" }, { "last_affected": "6.0.0" } ] }
Affected versions
v3.*
v3.0.0
v3.1.0
v3.1.1
v3.1.2
v3.2.1
v3.3.0
v3.3.1
v3.4.0
v3.4.1
v3.4.2
v3.5.1
v3.6.0
v3.6.1
v3.6.2
v3.7.0
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.9.0
v3.9.1
v3.9.2
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.2.3
v4.3.0
v5.*
v5.0.0
v5.0.0-beta.1
v5.0.0.beta2
v5.0.1
v5.0.10
v5.0.11
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.7
v5.0.8
v5.0.9
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.11.2
v5.11.3
v5.12.0
v5.13.0
v5.14.0
v5.14.1
v5.14.2
v5.15.0
v5.15.1
v5.15.2
v5.16.0
v5.16.1
v5.16.2
v5.17.0
v5.17.1
v5.18.0
v5.19.0
v5.2.0
v5.20.0
v5.3.0
v5.4.0
v5.4.1
v5.4.2
v5.4.3-beta0
v5.5.0
v5.5.0-beta0
v5.5.1
v5.5.2
v5.5.2-beta0
v5.6.0
v5.6.1
v5.7.0
v5.7.2
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v6.*
v6.0.0
v6.0.1