CVEPublished 2026-03-16Modified 2026-05-190 articles on news5 live referencesNVD data

CVE-2025-15587

Vulnerability data via NVD (ingested)

CVSS v3.1
EPSS percentile
11
Exploit Prediction Scoring System · top 89% of all CVEs
Description

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's password by directly accessing a specific resource inaccessible via a graphical interface. This issue has been fixed in firmware versions: 1.36 (for tcPDU), 1.67 (for LK3.5 - hardware versions: 3.5, 3.6, 3.7 and 3.8), 1.75 (for LK3.9 - hardware version 3.9) and 1.38 (for LK4 - hardware version 4.0).

Timeline
Published 2026-03-16
Modified 2026-05-19

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2025-15587 on GitHub.
We haven't classified any articles referencing CVE-2025-15587 yet. The external references above still apply.