CVE-2025-26408

low-risk

Published 2025-02-11

The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

PHYSICAL / LOW complexity

References (3)

https://r.sec-consult.com/wattsense

https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

http://seclists.org/fulldisclosure/2025/Feb/9

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal