Platform: linux
Component: siklu
Fixed in: 10.0.1
CVE-2025-57175 describes a critical security vulnerability affecting Siklu EtherHaul 8010 devices. This vulnerability stems from the presence of a static, hardcoded root password, enabling unauthorized access to the device's management interface. The vulnerability impacts devices running version 10.6.2-18707-ea552dc00b, and a firmware update is required to remediate the issue.
The presence of a static root password on the Siklu EtherHaul 8010 presents a significant security risk. An attacker who discovers this password can gain complete administrative control over the device. This includes the ability to modify configurations, intercept network traffic, and potentially pivot to other systems on the network. The impact is particularly severe in environments where the EtherHaul 8010 is used as a critical component of the network infrastructure, as a compromise could lead to widespread disruption or data breaches. This vulnerability is analogous to other hardcoded credential exposures, which have historically been exploited to gain initial access to networks.
CVE-2025-57175 was published on 2026-04-08. The CVSS score is 6.4 (MEDIUM), indicating a moderate risk. There are currently no publicly known proof-of-concept exploits for this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The ease of exploitation is high due to the static password, but the lack of public exploits suggests limited active campaigns.
Exploit Status
EPSS: 0.02% (6% percentile)
The primary mitigation for CVE-2025-57175 is to upgrade the Siklu EtherHaul 8010 firmware to a patched version. Siklu should release an updated firmware image that removes the static root password and enforces strong password policies. Until a patch is available, consider isolating the affected devices from external networks to limit the potential attack surface. Implement strict access controls and monitor device logs for any suspicious activity. After upgrading, verify the new password policy is enforced and that the default root account is disabled or has a strong, unique password.
Update the Siklu EtherHaul 8010 device firmware to a version that does not have a static root password. Refer to Siklu documentation or contact technical support for information on available firmware updates.
CVE-2025-57175 is a vulnerability in Siklu EtherHaul 8010 devices where a static root password allows unauthorized access. It has a MEDIUM severity rating and affects version 10.6.2-18707-ea552dc00b.
You are affected if you are using Siklu EtherHaul 8010 devices running version 10.6.2-18707-ea552dc00b and have not upgraded to a patched firmware.
The recommended fix is to upgrade the Siklu EtherHaul 8010 firmware to a patched version that removes the static root password. Consult Siklu's documentation for upgrade instructions.
Currently, there are no publicly known proof-of-concept exploits or confirmed active exploitation campaigns for CVE-2025-57175.
Refer to Siklu's official security advisories and documentation on their website for the latest information and updates regarding CVE-2025-57175.