{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2185", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-03-10T19:07:16.013Z", "datePublished": "2025-04-24T23:22:35.146Z", "dateUpdated": "2025-04-25T16:02:29.038Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Net.Time - PTP/NTP clock (Serial No. NBC0081P)", "vendor": "ALBEDO Telecom", "versions": [{"status": "affected", "version": "1.4.4"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Khalid Markar, Parul Sindhwad & Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."}], "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-24T23:22:35.146Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02"}, {"url": "https://www.albedotelecom.com/contactus.php"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:</p>\n<ul>\n<li>Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1</li>\n</ul>\n<p>For more information, please <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.albedotelecom.com/contactus.php\">contact ALBEDO Telecom.</a></p>\n\n<br>"}], "value": "ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:\n\n\n\n * Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1\n\n\n\n\nFor more information, please contact ALBEDO Telecom. https://www.albedotelecom.com/contactus.php"}], "source": {"advisory": "ICSA-25-114-02", "discovery": "EXTERNAL"}, "title": "ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-25T15:38:52.881020Z", "id": "CVE-2025-2185", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T16:02:29.038Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2185", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-25T15:38:52.881020Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-25T15:38:54.417Z"}}], "cna": {"title": "ALBEDO Telecom Net.Time - PTP/NTP Clock Insufficient Session Expiration", "source": {"advisory": "ICSA-25-114-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khalid Markar, Parul Sindhwad & Dr. Faruk Kazi from CoE-CNDS Lab reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ALBEDO Telecom", "product": "Net.Time - PTP/NTP clock (Serial No. NBC0081P)", "versions": [{"status": "affected", "version": "1.4.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:\n\n\n\n * Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1\n\n\n\n\nFor more information, please contact ALBEDO Telecom. https://www.albedotelecom.com/contactus.php", "supportingMedia": [{"type": "text/html", "value": "<p>ALBEDO Telecom has identified the following mitigations users can apply to reduce risk:</p>\n<ul>\n<li>Net.Time - PTP/NTP clock (Serial No. NBC0081P) Software release 1.4.4: Update to v1.6.1</li>\n</ul>\n<p>For more information, please <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.albedotelecom.com/contactus.php\">contact ALBEDO Telecom.</a></p>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02"}, {"url": "https://www.albedotelecom.com/contactus.php"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception.", "supportingMedia": [{"type": "text/html", "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-04-24T23:22:35.146Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2185", "state": "PUBLISHED", "dateUpdated": "2025-04-25T16:02:29.038Z", "dateReserved": "2025-03-10T19:07:16.013Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-04-24T23:22:35.146Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which\n could permit an attacker to transmit passwords over unencrypted \nconnections, resulting in the product becoming vulnerable to \ninterception."}, {"lang": "es", "value": "El software de reloj PTP/NTP ALBEDO Telecom Net.Time - versi\u00f3n 1.4.4 (n\u00famero de serie NBC0081P) es vulnerable a una vulnerabilidad de expiraci\u00f3n de sesi\u00f3n insuficiente, que podr\u00eda permitir a un atacante transmitir contrase\u00f1as a trav\u00e9s de conexiones no cifradas, lo que hace que el producto se vuelva vulnerable a la interceptaci\u00f3n."}], "id": "CVE-2025-2185", "lastModified": "2025-04-29T13:52:28.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-04-25T00:15:15.340", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.albedotelecom.com/contactus.php"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}