{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:47:21.408","vulnerabilities":[{"cve":{"id":"CVE-2025-54816","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2026-01-22T23:15:49.953","lastModified":"2026-02-02T19:56:13.070","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability occurs when a WebSocket endpoint does not enforce \nproper authentication mechanisms, allowing unauthorized users to \nestablish connections. As a result, attackers can exploit this weakness \nto gain unauthorized access to sensitive data or perform unauthorized \nactions. Given that no authentication is required, this can lead to \nprivilege escalation and potentially compromise the security of the \nentire system."},{"lang":"es","value":"Esta vulnerabilidad ocurre cuando un endpoint WebSocket no aplica mecanismos de autenticación adecuados, permitiendo a usuarios no autorizados establecer conexiones. Como resultado, los atacantes pueden explotar esta debilidad para obtener acceso no autorizado a datos sensibles o realizar acciones no autorizadas. Dado que no se requiere autenticación, esto puede llevar a una escalada de privilegios y potencialmente comprometer la seguridad de todo el sistema."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":9.4,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:evmapa:evmapa:*:*:*:*:*:*:*:*","matchCriteriaId":"8C85ACDB-38D2-4466-9206-529F45F4720E"}]}]}],"references":[{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-022-08.json","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-08","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]}]}}]}