The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Silabs
  • Simplicity Device Manager

No data.

No data.

References
Link Providers
https://community.silabs.com/a45Vm0000003UcfIAE cve-icon cve-icon
History

Fri, 05 Dec 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Silabs
Silabs simplicity Device Manager
Vendors & Products Silabs
Silabs simplicity Device Manager

Thu, 04 Dec 2025 21:45:00 +0000

Type Values Removed Values Added
Description The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
Title Simplcity Device Manager exposes NTLMv2 hash
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 7.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Silabs

Published:

Updated: 2025-12-04T21:36:34.323Z

Reserved: 2025-09-11T16:29:00.831Z

Link: CVE-2025-10285

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-12-04T22:15:45.583

Modified: 2025-12-04T22:15:45.583

Link: CVE-2025-10285

cve-icon Redhat

No data.