CVE-2025-28389

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-28389

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28389.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-28389

Aliases

PYSEC-2025-150

Published

2025-06-13T14:15:21.010Z

Modified

2026-05-20T08:11:48.243745714Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

References

Affected packages

Git / github.com/openc3/cosmos

Affected ranges

Type

GIT

Repo

https://github.com/openc3/cosmos

Events

Introduced

Last affected

6e0d24067e57572254471e0460bcc10931740c40

Introduced

Last affected

6e0d24067e57572254471e0460bcc10931740c40

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0.0"
        }
    ]
}

Affected versions

v3.*

v3.0.0

v3.1.0

v3.1.1

v3.1.2

v3.2.1

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.4.2

v3.5.1

v3.6.0

v3.6.1

v3.6.2

v3.7.0

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.9.0

v3.9.1

v3.9.2

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.1

v4.2.3

v4.3.0

v5.*

v5.0.0

v5.0.0-beta.1

v5.0.0.beta2

v5.0.1

v5.0.10

v5.0.11

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.10.0

v5.10.1

v5.11.0

v5.11.1

v5.11.2

v5.11.3

v5.12.0

v5.13.0

v5.14.0

v5.14.1

v5.14.2

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.16.1

v5.16.2

v5.17.0

v5.17.1

v5.18.0

v5.19.0

v5.2.0

v5.20.0

v5.3.0

v5.4.0

v5.4.1

v5.4.2

v5.4.3-beta0

v5.5.0

v5.5.0-beta0

v5.5.1

v5.5.2

v5.5.2-beta0

v5.6.0

v5.6.1

v5.7.0

v5.7.2

v5.8.0

v5.8.1

v5.9.0

v5.9.1

v6.*

v6.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-28389.json"