PT-2025-49040 · Thermo Fisher+1 · Torrent Suite+1
Published: 2025-12-04 · Updated: 2025-12-09
CVE-2025-54303
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Thermo Fisher Torrent Suite Django application version 5.18.1
Description
The application ships with weak default credentials that are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. While the user guide recommends changing default credentials, a password change policy is not enforced, potentially leaving many deployments vulnerable to unauthorized access with administrative privileges.
Recommendations
Change the default password for the ionadmin user account.
Fix
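One way to confirm the recommendation has been applied is to audit the user fixtures or a `dumpdata` export offline. The following is an added example, not code from the advisory or from Torrent Suite; it assumes a Django JSON fixture with `auth.user` objects and the `pbkdf2_sha256` hasher, and the function names and sample data are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def encode_pbkdf2_sha256(password, salt, iterations):
    """Build a hash string in Django's pbkdf2_sha256$iter$salt$b64 layout."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${base64.b64encode(raw).decode()}"


def matches(encoded, candidate):
    """True/False for a pbkdf2_sha256 hash; None if it cannot be checked here."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return None  # unusable password, empty field, or another hasher
    expected = encode_pbkdf2_sha256(candidate, parts[2], int(parts[1]))
    return hmac.compare_digest(expected, encoded)


def audit_fixture(fixture_json, defaults=("ionadmin",)):
    """Return (username, status) for each auth.user object in a JSON fixture."""
    findings = []
    for obj in json.loads(fixture_json):
        if obj.get("model") != "auth.user":
            continue
        fields = obj.get("fields", {})
        user = fields.get("username", "")
        # Test the documented default plus the username-as-password pattern.
        results = [matches(fields.get("password", ""), c) for c in {user, *defaults}]
        if True in results:
            status = "DEFAULT"
        elif all(r is None for r in results):
            status = "UNCHECKED"
        else:
            status = "ok"
        findings.append((user, status))
    return findings


# Constructed fixture (not taken from the product); low iteration count for speed.
SAMPLE = json.dumps([
    {"model": "auth.user", "pk": 1, "fields": {"username": "ionadmin",
        "password": encode_pbkdf2_sha256("ionadmin", "constructedsalt", 1000)}},
    {"model": "auth.user", "pk": 2, "fields": {"username": "operator",
        "password": encode_pbkdf2_sha256("a-long-unique-passphrase", "othersalt", 1000)}},
    {"model": "auth.user", "pk": 3, "fields": {"username": "svc", "password": "!unusable"}},
    {"model": "auth.group", "pk": 1, "fields": {"name": "constructed-group"}},
])
```

Accounts reported as `UNCHECKED` use a hash format this sketch does not parse and need a manual review.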
Affected Products
Django
Torrent Suite