CVE-2025-54756

Name of the Vulnerable Software and Affected Versions BrightSign players versions prior to 8.5.53.1 (series 4) BrightSign players versions prior to 9.0.166 (series 5)

Description BrightSign players utilize a default password that can be easily guessed if device information is known. This allows potential unauthorized access to the device. The latest releases address this issue for new installations.

Recommendations BrightSign players running series 4 versions prior to 8.5.53.1 should be updated to version 8.5.53.1 or later. BrightSign players running series 5 versions prior to 9.0.166 should be updated to version 9.0.166 or later. Users with older installations are advised to change all default passwords.