CVE-2025-3321NVD

Vulnerability Summary

A predefined administrative account is not documented and cannot
be deactivated. This account cannot be misused from the network, only by local
users on the server.

Severity Level

CRITICAL(9.4)

Published Date

Jun 6, 2025

Last Modified

Jun 6, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-798: Use of Hard-coded Credentials ↗

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

CVSS v4.0 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

External References

https://www.bbraun.com/productsecurity

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-3321NVD

Vulnerability Summary

External References