PT-2025-28185 · Twilio · Twilio Api

Jackcaplin · Published 2025-07-07 · Updated 2025-07-07

CVE-2025-52492

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Paxton10 versions prior to 4.6 SR6
Description: The Paxton10 firmware image ships a root filesystem archive, rootfs.tar.gz, that contains hard-coded credentials for the Twilio API. Any remote attacker who obtains a copy of the firmware can unpack the archive and read these credentials, and may then authenticate to the associated Twilio account. This can lead to disclosure of data held in that account, unauthorized use of the Twilio services (and the charges that go with it), and potential service disruption; the CVSS vector above rates only the confidentiality impact.
Recommendations: For versions prior to 4.6 SR6, update to version 4.6 SR6 or later, which removes the hard-coded credentials from the firmware. Note that updating the firmware does not invalidate credentials that have already been extracted: the owner of the affected Twilio account must also revoke or rotate the exposed API credentials on the Twilio side. As a temporary workaround, restrict access to the Twilio API (for example, by rotating the credentials and limiting which systems may use the new ones) until the update is applied, and do not reuse the credentials found in the firmware file elsewhere.
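The check a practitioner would want here is a way to confirm whether a given firmware archive carries Twilio credentials before deploying it (or after, to scope the exposure). The following script is an added example written for this advisory; it is not Paxton's or Twilio's code, and the archive it scans is constructed inline with fake, non-functional values. It assumes the firmware root filesystem is a gzip-compressed tar (rootfs.tar.gz, as the advisory states) and relies on the public Twilio identifier formats: Account SIDs are "AC" followed by 32 hex characters and API Key SIDs are "SK" followed by 32 hex characters. Auth tokens and API key secrets are opaque 32-character strings, so the scanner only reports those when they sit next to a recognisable key name such as AUTH_TOKEN. Findings are masked so the report itself does not leak the secret.

```python
import io
import re
import tarfile

# Public Twilio identifier formats. Account SID: "AC" + 32 hex.
# API Key SID: "SK" + 32 hex. Tokens/secrets are opaque 32-char strings, so
# they are matched only in "<key name> = <value>" form to limit false positives.
PATTERNS = {
    "twilio_account_sid": re.compile(rb"\bAC[0-9a-fA-F]{32}\b"),
    "twilio_api_key_sid": re.compile(rb"\bSK[0-9a-fA-F]{32}\b"),
    "twilio_auth_token": re.compile(
        rb"(?i)(?:auth[_-]?token|api[_-]?secret|twilio[_-]?token)"
        rb"\s*[=:]\s*['\"]?([0-9a-fA-F]{32})\b"
    ),
}

MAX_FILE_SIZE = 8 * 1024 * 1024  # skip very large binaries; adjust as needed


def mask(value: str) -> str:
    """Keep a short prefix so a finding can be correlated, hide the rest."""
    return value[:6] + "*" * (len(value) - 6)


def scan_bytes(data: bytes):
    """Return a list of (kind, value) credential-looking matches in one file."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(data):
            value = m.group(1) if m.groups() else m.group(0)
            hits.append((kind, value.decode("ascii")))
    return hits


def scan_rootfs_tarball(tgz_bytes: bytes):
    """Walk every regular file in a gzip'd tar rootfs and collect credential hits.

    Returns a list of {"path", "kind", "value"} dicts with masked values.
    The archive is read from memory, so nothing is extracted to disk.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or member.size > MAX_FILE_SIZE:
                continue
            fh = tar.extractfile(member)
            if fh is None:
                continue
            for kind, value in scan_bytes(fh.read()):
                findings.append(
                    {"path": member.name, "kind": kind, "value": mask(value)}
                )
    return findings


def build_sample_rootfs() -> bytes:
    """Constructed sample: a tiny rootfs.tar.gz with a config file embedding
    fake Twilio-looking credentials and one harmless file. Not real credentials,
    and not taken from any Paxton10 image."""
    files = {
        "etc/app/sms.conf": (
            b"TWILIO_ACCOUNT_SID=AC" + b"0123456789abcdef" * 2 + b"\n"
            b"TWILIO_AUTH_TOKEN=" + b"fedcba9876543210" * 2 + b"\n"
        ),
        "etc/hostname": b"paxton10\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    # Replace build_sample_rootfs() with open("rootfs.tar.gz", "rb").read()
    # to scan a real image.
    for finding in scan_rootfs_tarball(build_sample_rootfs()):
        print(f"{finding['path']}: {finding['kind']} = {finding['value']}")
```

Against a real image, run it on the extracted rootfs.tar.gz rather than the outer firmware container, and treat any hit as a credential that must be rotated at Twilio regardless of whether the firmware is subsequently updated. The key-name heuristic for tokens means a secret stored under an unusual variable name can be missed; widen the alternation in the pattern if the image uses its own naming.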

Fix

Update Paxton10 to version 4.6 SR6 or later.

Weakness Enumeration

Use of Hard-coded Credentials (CWE-798)

Related Identifiers

CVE-2025-52492

Affected Products

Paxton10
Twilio Api