CVE-2025-6260 Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function

🗓️ 24 Jul 2025 20:53:17Reported by icscertType

Vulnerability in Network Thermostat X-Series allows unauthenticated access to user credentials

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-6260	24 Jul 202510:00	–	circl
CNNVD	Network Thermostat X-Series WiFi thermostats 访问控制错误漏洞	24 Jul 202500:00	–	cnnvd
CVE	CVE-2025-6260	24 Jul 202520:53	–	cve
EUVD	EUVD-2025-22544	3 Oct 202520:07	–	euvd
ICS	Network Thermostat X-Series WiFi Thermostats	24 Jul 202506:00	–	ics
NVD	CVE-2025-6260	24 Jul 202521:15	–	nvd
Positive Technologies	PT-2025-30692 · Unknown · Network Thermostat X-Series	24 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-6260	26 Jul 202521:23	–	redhatcve
Vulnrichment	CVE-2025-6260 Network Thermostat X-Series WiFi Thermostats Missing Authentication for Critical Function	24 Jul 202520:53	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "X-Series WiFi thermostats",
    "vendor": "Network Thermostat",
    "versions": [
      {
        "lessThan": "4.6",
        "status": "affected",
        "version": "v4.5",
        "versionType": "custom"
      },
      {
        "lessThan": "v9.46",
        "status": "affected",
        "version": "v9.6",
        "versionType": "custom"
      },
      {
        "lessThan": "v10.29",
        "status": "affected",
        "version": "v10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "v11.5",
        "status": "affected",
        "version": "v11.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-205-02

24 Jul 2025 20:53Current

CVSS 49.3

CVSS 3.19.8

EPSS0.00716

CWE-306