Summary
| Parameter | Value |
|---|---|
| CVE ID | CVE-2026-25775 |
| Alert Source | GitHub Advisory - Critical Vulnerability |
| CVE Publication Year | 2026 |
| Date Published | 2026-04-24 |
| Vendor | SenseLive |
| Product | X3050 |
| CVSS Score | 9.8 (critical) |
| EPSS Score | No data |
| CISA KEV | No |
| Ransomware | Not confirmed |
Vulnerability Description
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware. In practice, an unauthenticated network-adjacent attacker can replace the device firmware with their own malicious code.
Required Actions
Update the SenseLive X3050 firmware to the patched version released by the vendor immediately. Until the patch is applied, restrict access to the management interface to a dedicated isolated network segment only, block management service ports at the LAN/WAN firewall, and monitor firmware update attempts.
Who Is Affected?
This vulnerability affects X3050 by SenseLive. Check whether your organization uses SenseLive X3050 (industrial converters / IoT gateways) and either update firmware immediately or remove the devices from any publicly reachable network.
Sources
Need help securing your systems? nFlo team offers vulnerability management and 24/7 SOC services. Contact us.
