Weak Password Requirements

CVE-2025-28389

High

9.8/10

Summary

Weak password requirements in OpenC3 COSMOS allow attackers to bypass authentication through Brute-Force attacks. This issue affects versions 5.0.0 and after.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-521 - Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References

Advisory
POC/Exploit

Advisory Timeline

Published Jun 13, 2025

Weak Password Requirements

CVE-2025-28389

Summary

CWE-521 - Weak Password Requirements

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS