Multiple vulnerabilities reported in Optigo Networks Visual BACnet Tools, one critical
Take action: If you are running Visual BACnet Capture Tool or Optigo Visual Networks Capture Tool, make sure it's isolated from the internet and accessible only from trusted networks. Then apply the relevant patches; some of the vulnerabilities are quite embarrassing and easily exploited.
Optigo Networks has addressed multiple security vulnerabilities in their Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool products. These vulnerabilities include critical security flaws that could allow remote attackers to bypass authentication and gain control over affected systems.
Vulnerability summary
- CVE-2025-2080 (CVSS score 9.3) - Authentication Bypass Using an Alternate Path or Channel. The affected products contain an exposed web management service that could allow an attacker to bypass authentication measures and gain control over utilities within the products.
- CVE-2025-2079 (CVSS score 8.7) - Use of Hard-coded, Security-relevant Constants. These products contain a hard-coded secret key that could allow an attacker to generate valid JWT (JSON Web Token) sessions.
- CVE-2025-2081 (CVSS score 8.7) - Use of Hard-coded, Security-relevant Constants. This vulnerability could allow an attacker to impersonate the web application service and mislead victim clients.
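An added example, not code from Optigo or from this advisory, of why the hard-coded key in CVE-2025-2079 matters to defenders: a verifier keyed by a constant shipped in every copy accepts any token signed with that constant, while a key generated per installation rejects it. HS256, `SHIPPED_KEY` (a constructed value) and the `load_install_key` store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed stand-in for a key compiled into every copy; not the product's key.
SHIPPED_KEY = b"constructed-constant-in-every-install"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Issue a compact HS256 JWT for the given claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(key, head + '.' + body))}"

def verify_hs256(token, key, now=None):
    """Return the claims if signature, alg and exp check out, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        if not hmac.compare_digest(_mac(key, head + "." + body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None

def load_install_key(store):
    """Hypothetical key store: create a random 256-bit key on first start."""
    if "jwt_key" not in store:
        store["jwt_key"] = secrets.token_bytes(32)
    return store["jwt_key"]

if __name__ == "__main__":
    claims = {"sub": "operator", "exp": 2000}
    outsider = sign_hs256(claims, SHIPPED_KEY)  # signed with the shared constant
    site_key = load_install_key({})
    print("constant-keyed verifier:", verify_hs256(outsider, SHIPPED_KEY, now=1000))
    print("per-install verifier:   ", verify_hs256(outsider, site_key, now=1000))
```

In a real deployment the per-install key would live in a file or secret store readable only by the service account, and rotating it invalidates every outstanding session.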
The following versions are affected:
- Visual BACnet Capture Tool: Version 3.1.2rc11
- Optigo Visual Networks Capture Tool: Version 3.1.2rc11
Optigo Networks recommends upgrading to the following patched versions:
- Visual BACnet Capture Tool: Version v3.1.3rc8
- Optigo Visual Networks Capture Tool: Version v3.1.3rc8
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.