PT-2025-30692 · Unknown · Network Thermostat X-Series

Published: 2025-07-24 · Updated: 2025-08-17 · CVE-2025-6260

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Network Thermostat X-Series WiFi Thermostats (affected versions not specified)

Description: The embedded web server on the thermostat contains an issue that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2025-6260

Affected Products: Network Thermostat X-Series