CVE-2025-6521

During the initial setup of the device the user connects to an access 
point broadcast by the Sight Bulb Pro. During the negotiation, AES 
Encryption keys are passed in cleartext. If captured, an attacker may be
 able to decrypt communications between the management app and the Sight
 Bulb Pro which may include sensitive information such as network 
credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
icscertCNA
7.6 HIGH
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02
https://www.trendmakerscares.com/Customer-Service-Hours