Critical severity9.8NVD Advisory· Published Apr 24, 2026· Updated Apr 24, 2026

CVE-2026-25775

Description

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.jsonnvd
senselive.io/contactnvd
www.cisa.gov/news-events/ics-advisories/icsa-26-111-12nvd

News mentions

SenseLive X3050
CISA Alerts

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000