PT-2025-25412 · Openc3 · Openc3 Cosmos
Published: 2025-06-13 · Updated: 2025-10-27 · CVE-2025-28381
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
OpenC3 COSMOS version 6.0.0
Description
A credential leak in OpenC3 COSMOS allows attackers to access service credentials, which are stored as environment variables in all containers. The issue is an instance of cleartext storage of sensitive information in an environment variable.
Recommendations
For OpenC3 COSMOS version 6.0.0, consider removing or securing the environment variables that store service credentials to prevent unauthorized access. As a temporary workaround, restrict access to the containers to minimize the risk of exploitation.
Affected Products
Openc3 Cosmos