CVE-2025-10285
📋 TL;DR
The Silicon Labs Simplicity Device Manager web interface exposes NTLMv2 authentication hashes to unauthenticated attackers when accessed publicly. This allows attackers to capture and potentially crack domain passwords. Organizations using this software with internet-facing interfaces are affected.
💻 Affected Systems
- Silicon Labs Simplicity Device Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain domain administrator credentials, leading to full network compromise, data exfiltration, and ransomware deployment.
Likely Case
Attackers capture and crack weaker passwords, gaining initial access to internal systems for lateral movement.
If Mitigated
Limited to internal reconnaissance if proper network segmentation and monitoring are in place.
🎯 Exploit Status
Attack requires only web access to trigger NTLM authentication and hash capture.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific version
Vendor Advisory: https://community.silabs.com/a45Vm0000003UcfIAE
Restart Required: Yes
Instructions:
1. Review the vendor advisory.
2. Download and apply the latest patch.
3. Restart the Simplicity Device Manager service.
4. Verify the interface is no longer vulnerable.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the Simplicity Device Manager web interface to trusted networks only (replace TRUSTED_NETWORK and PORT with your own values):
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port port="PORT" protocol="tcp" accept'
firewall-cmd --reload
netsh advfirewall firewall add rule name="Allow Simplicity DM (trusted)" dir=in action=allow protocol=TCP localport=PORT remoteip=TRUSTED_NETWORK
On Windows, leave the default inbound policy at Block so only the scoped allow rule admits traffic; a block rule with remoteip=any takes precedence over allow rules and would cut off trusted hosts as well.
Disable NTLM Authentication
Configure the system to use Kerberos or other authentication methods instead of NTLM:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LmCompatibilityLevel" -Value 5
Note that LmCompatibilityLevel 5 refuses LM and NTLMv1 but still permits NTLMv2, so it hardens the legacy protocols rather than removing the NTLMv2 exposure described above; preventing the host from sending NTLM to remote servers at all is governed by the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy.
🧯 If You Can't Patch
- Implement strict network access controls to limit interface exposure
- Enable detailed logging and monitoring for authentication attempts
🔍 How to Verify
Check if Vulnerable:
Attempt to access the Simplicity Device Manager web interface from an untrusted network and check if NTLM authentication is triggered
Check Version:
Check application version in web interface or consult vendor documentation
Verify Fix Applied:
Verify the interface is no longer accessible from untrusted networks and NTLM authentication is disabled
📡 Detection & Monitoring
Log Indicators:
- Multiple failed NTLM authentication attempts
- Unexpected access to Simplicity Device Manager web interface
Network Indicators:
- NTLM authentication traffic to Simplicity Device Manager from untrusted sources
- Port scanning targeting Simplicity Device Manager ports
SIEM Query:
source="simplicity_manager" AND (event_type="authentication" OR event_type="access") AND src_ip NOT IN trusted_networks