PT-2025-17324 · Soundcraft · Soundcraft Ui Series

Shiky8 · Published 2025-04-18 · Updated 2025-04-18 · CVE-2025-28235

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Soundcraft Ui Series
Model(s) Ui12 and Ui16
Firmware versions 1.0.5x through 1.0.7x

Description

An information disclosure issue in the /socket.io/1/websocket/ component allows attackers to access Administrator credentials in plaintext.

Recommendations

For Firmware versions 1.0.5x through 1.0.7x, consider restricting access to the /socket.io/1/websocket/ endpoint until a patch is available. As a temporary workaround, avoid using the Administrator credentials in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-28235

Affected Products

Soundcraft Ui Series