Main Vulnerability Database SB2025061139

SB2025061139 - Multiple vulnerabilities in SinoTrack GPS Receiver

Published: June 11, 2025

Security Bulletin ID SB2025061139

Severity

High

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2025-5484)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the use of weak authentication mechanisms in the SinoTrack device management interface. A remote attacker can obtain credentials and gain unauthorized access to the target device.

2) Observable Response Discrepancy (CVE-ID: CVE-2025-5485)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the observable response discrepancy issue. A remote attacker can determine whether an account exists.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01