CVE-2025-2002
low-risk
Published 2025-03-12
CWE-532: Insertion of Sensitive Information into Log Files vulnerability exists that could cause the disclosure of FTP server credentials when the FTP server is deployed, and the device is placed in debug mode by an administrative user and the debug files are exported from the device.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.0/10
Medium
LOCAL
/ LOW complexity
25
/ 100
low-risk
Severity
20/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal