What is CVE-2025-5095 and how severe is it?

CVE-2025-5095 has a CVSS score of 9.3, making it critically severe. It's classified as a Missing Authentication for Critical Function vulnerability that affects Burk Technology's ARC Solo monitoring and control devices used in broadcasting facilities.

What can attackers do with this ARC Solo vulnerability?

Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations. Since these devices are used for broadcasting control, the impact could affect critical broadcasting infrastructure.

Where can organizations download the patch for ARC Solo devices?

The upgrade to Version v1.0.62 or later can be downloaded from the Burk Technology website. Organizations should visit the official Burk Technology support portal to access the latest firmware updates.

Why is network isolation important for ARC Solo devices?

Since the vulnerability allows unauthenticated password changes, network isolation becomes critical to prevent unauthorized access. Placing these devices behind firewalls and isolating them from business networks reduces the attack surface and prevents external exploitation of the vulnerability.

What industries use Burk Technology ARC Solo devices?

ARC Solo monitoring and control devices are primarily used in broadcasting facilities worldwide. These devices serve as critical infrastructure for television and radio broadcasting operations, making the security vulnerability particularly concerning for media and communications sectors.

What should broadcasting facilities do immediately about this ARC Solo vulnerability?

Broadcasting facilities should immediately update their ARC Solo devices to Version v1.0.62 or later, ensure the devices are not accessible from the internet, implement proper firewall protection, and isolate control system networks from business networks to prevent exploitation.

What makes this ARC Solo vulnerability particularly dangerous?

The vulnerability is particularly dangerous because it requires no authentication to change passwords, meaning attackers can easily lock out legitimate users and gain control of critical broadcasting infrastructure. The high CVSS score of 9.3 reflects the severe impact this could have on broadcasting operations.

Advisory

Critical authentication bypass flaw in Burk Technology ARC Solo Devices

Q: What systems are affected by CVE-2025-5095?

The vulnerability affects Burk Technology's ARC Solo monitoring and control devices, which are primarily used in broadcasting facilities worldwide for monitoring and controlling broadcasting equipment and infrastructure.

published: Aug. 7, 2025

Take action: If you use Burk ARC Solo monitoring devices in your broadcasting facilities, make sure they are isolated from the internet and accessible from trusted networks only. Then plan an update them to version v1.0.62 or later, because it's fairly trivial to reset the device password and hijack the device.

Learn More

Burk Technology has addressed a critical vulnerability in its ARC Solo monitoring and control devices, which are primarily used in broadcasting facilities worldwide.

The vulnerability is tracked as CVE-2025-5095 (CVSS score 9.3), Missing Authentication for Critical Function. A password change request can be sent directly to the device's HTTP endpoint without providing valid credentials. The system does not enforce authentication or session validation, allowing the password change to proceed without verifying the request's legitimacy.

Successful exploitation of this vulnerability could result in an attacker gaining access to the device, locking out authorized users, or disrupting operations.

Burk Technology recommends users update their ARC Solo devices to Version v1.0.62 or later. The upgrade can be downloaded from the Burk Technology website.

Organizations operating ARC Solo devices should minimize network exposure for all control system devices, and ensure they are not accessible from the internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks.

Critical authentication bypass flaw in Burk Technology ARC Solo Devices

Read More
Multiple vulnerabilities reported in Hitachi Energy Asset Suite, …
Schneider Electric reports critical flaw in Modicon Programmable …
CISA reports actively exploited of vulnerability in Avtech …
Critical authentication vulnerabilities reported in Radiometrics VizAir aviation …
Unitronics fixes multiple critical issues in Unistream and …