CVE-2025-1710

7.5 HIGH

📋 TL;DR

CVE-2025-1710 is an authentication brute-force vulnerability in maxView Storage Manager that allows attackers to guess credentials through repeated login attempts. This affects organizations using vulnerable versions of the software for storage management. Successful exploitation could lead to unauthorized access to storage management systems.

💻 Affected Systems

Products:
  • maxView Storage Manager
Versions: Specific versions not detailed in CVE; all versions lacking brute-force protection mechanisms
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments without additional authentication rate-limiting controls are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of storage management system leading to data manipulation, configuration changes, or denial of service to storage infrastructure.

🟠 Likely Case

Unauthorized access to storage management interface allowing configuration changes, performance monitoring access, and potential data exposure.

🟢 If Mitigated

Failed login attempts logged but no successful authentication achieved.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exposed to automated brute-force attacks from anywhere.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires only standard authentication interface access and automated tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: https://sick.com/psirt

Restart Required: No

Instructions:

1. Monitor vendor advisory for patch release.
2. Apply patch when available.
3. Verify authentication rate limiting is functional.

🔧 Temporary Workarounds

Network-based rate limiting (applies to: all)

Implement network-level rate limiting for authentication requests using a firewall or load balancer.

IP-based access restrictions (applies to: all)

Restrict access to maxView Storage Manager to trusted IP ranges only.

🧯 If You Can't Patch

  • Implement strong password policies and multi-factor authentication
  • Monitor authentication logs for brute-force patterns and implement alerting

🔍 How to Verify

Check if Vulnerable:

Test authentication interface with rapid consecutive failed login attempts from same source IP

Check Version:

Check maxView Storage Manager version in web interface or configuration files

Verify Fix Applied:

Verify failed login attempts are blocked or delayed after configured threshold

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from same IP address within short time frame
  • Authentication logs showing pattern of credential guessing

Network Indicators:

  • High volume of POST requests to authentication endpoints
  • Traffic patterns showing repeated authentication attempts

SIEM Query:

source="maxview" AND event_type="authentication_failure" | stats count by src_ip | where count > 10
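As an added example (not code from the advisory or the vendor), the following Python applies the log indicators above to constructed sample log lines: it reproduces the SIEM query's per-IP failure count and adds a sliding-window variant, so the difference between a fast guesser and a low-and-slow one is visible. The log layout, field names and the `maxview` source tag are assumptions, not the product's actual log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def _line(offset_s, ip, event, user="admin"):
    # Build one constructed log line; this layout is an assumption, not maxView's.
    ts = datetime(2025, 3, 1, 10, 0, 0) + timedelta(seconds=offset_s)
    return f"{ts:{TS_FMT}} maxview {event} src_ip={ip} user={user}"

# Constructed sample log: one fast guesser, one benign user, one low-and-slow guesser.
SAMPLE_LOG = "\n".join(
    [_line(i * 5, "198.51.100.7", "authentication_failure") for i in range(12)]   # 12 in 1 min
    + [_line(i * 120, "203.0.113.5", "authentication_failure") for i in range(3)]
    + [_line(400, "203.0.113.5", "authentication_success")]
    + [_line(i * 900, "192.0.2.9", "authentication_failure") for i in range(15)]  # 15 over 3.5 h
)

def parse_line(line):
    ts, _source, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(ts, TS_FMT), event, fields

def find_bruteforce_sources(log_text, threshold=10, window=timedelta(minutes=5)):
    """Return {src_ip: peak failures inside any sliding `window`} for IPs that
    exceed `threshold` (the page's count > 10) within that window."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    flagged = {}
    for line in sorted(log_text.splitlines()):  # ISO timestamps sort lexically
        ts, event, fields = parse_line(line)
        if event != "authentication_failure":
            continue
        ip = fields["src_ip"]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def total_failures(log_text, threshold=10):
    """Unwindowed per-IP totals, equivalent to the page's SIEM query: catches the
    low-and-slow guesser the sliding window misses, at the cost of more noise."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        _ts, event, fields = parse_line(line)
        if event == "authentication_failure":
            counts[fields["src_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n > threshold}
```

Tune `threshold` and `window` to the interface's normal traffic; the unwindowed count flags the slow guesser but will also accumulate legitimate typos over a long retention period.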

🔗 References
