CVE-2025-54319 in WeOSinfo

Summary

by MITRE • 07/21/2025

An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose logging that includes credentials).

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/21/2025

This vulnerability exists within Westermo WeOS 5 operating system versions 5.24 through 5.24.4, representing a critical information disclosure flaw that directly impacts network device security. The vulnerability stems from improper handling of system logging mechanisms where verbose syslog output inadvertently includes sensitive credential information, creating a significant attack surface for malicious actors. This issue falls under CWE-200, which specifically addresses the exposure of sensitive information, and aligns with ATT&CK technique T1074.001 for data staging through logs. The vulnerability affects devices running the WeOS 5 operating system, which is commonly deployed in industrial environments and network infrastructure where security is paramount. Threat actors can exploit this weakness by monitoring network traffic or accessing system logs directly, potentially extracting authentication credentials that could be used for unauthorized access to the affected devices.

The technical implementation of this vulnerability involves the system's verbose logging configuration where system messages contain cleartext credentials, usernames, and potentially other sensitive authentication data. When syslog functionality is enabled with verbose logging levels, the system outputs detailed operational information including network authentication parameters, which are not properly sanitized before being recorded or transmitted. This flaw represents a failure in input validation and output sanitization processes, where sensitive data elements are not adequately masked or removed from log entries. The vulnerability is particularly concerning because it operates at the system level where logging is typically enabled for troubleshooting and monitoring purposes, making it difficult to detect and prevent without specific configuration changes.

The operational impact of this vulnerability extends beyond simple credential theft, as it can enable attackers to escalate privileges and gain full administrative control over affected network devices. Once credentials are extracted from the verbose logs, threat actors can establish persistent access to the network infrastructure, potentially leading to lateral movement and further compromise of connected systems. The vulnerability affects the confidentiality aspect of the CIA triad, as unauthorized parties can access sensitive system information that should remain protected. Organizations using Westermo WeOS 5 devices may face compliance violations under various regulatory frameworks including pci dss, iso 27001, and nist cybersecurity framework due to the exposure of authentication credentials through logging mechanisms. The attack surface is particularly wide given that these devices are commonly found in critical infrastructure environments where network security is paramount.

Mitigation strategies should focus on immediate configuration changes to disable or restrict verbose logging of sensitive information, implementing log filtering mechanisms, and ensuring proper access controls on system logs. Organizations should configure syslog settings to exclude authentication credentials from verbose logs, implement centralized log management with proper sanitization processes, and establish monitoring for anomalous log access patterns. The recommended approach includes applying vendor patches if available, configuring log rotation with sensitive data removal, and implementing network segmentation to limit access to logging systems. Security teams should also consider implementing intrusion detection systems that can identify suspicious log access attempts and establish regular audits of logging configurations to ensure sensitive data is not exposed through system outputs. Additionally, organizations should review their incident response procedures to address potential credential compromise scenarios and ensure proper network monitoring for unauthorized access attempts.

Responsible

MITRE

Reservation

07/20/2025

Disclosure

07/21/2025

Moderation

accepted

CPE

ready

EPSS

0.00303

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!