CVE•Published 2026-03-16•Modified 2026-05-19•0 articles on news•5 live references•NVD data
CVE-2025-15587
Vulnerability data via NVD (ingested)
CVSS v3.1
—
EPSS percentile
11
Exploit Prediction Scoring System · top 89% of all CVEs
Weaknesses (CWE)
Description
Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).
Timeline
Published 2026-03-16
Modified 2026-05-19
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2025-15587Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-15587Censys host search filtered to this CVE id.
grep.app
CVE-2025-15587Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-15587GitHub code search for direct mentions.
Google dork
"CVE-2025-15587" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub
No public proof-of-concept repositories found for CVE-2025-15587 on GitHub.
We haven't classified any articles referencing CVE-2025-15587 yet. The external references above still apply.