CVE-2025-54303
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-16

Assigner: MITRE

Description
The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-04
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-54303
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
thermofisher torrent_suite_software 5.18.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Thermo Fisher Torrent Suite Django application version 5.18.1 having weak default credentials. Specifically, the ionadmin user account uses a default password 'ionadmin' stored as fixtures for the Django ORM API. Although the user guide recommends changing these default credentials, there is no enforced password change policy for default administrative accounts. As a result, many deployments may still use these default credentials, allowing attackers to authenticate with administrative privileges.

Impact Analysis

If the default credentials are not changed, an attacker can easily authenticate as an administrator using the ionadmin account. This grants them administrative privileges, potentially allowing unauthorized access, control, and manipulation of the application and its data.

Detection Guidance

This vulnerability can be detected by attempting to authenticate to the Thermo Fisher Torrent Suite Django application using the default credentials: username 'ionadmin' and password 'ionadmin'. Checking for the presence of the ionadmin user account with default password on deployments is key. Specific commands are not provided in the available information.

Mitigation Strategies

Immediate mitigation steps include changing the default credentials for the ionadmin user account to a strong, unique password. Since the application does not enforce a password change policy for default administrative accounts, manual password updates are necessary to prevent unauthorized administrative access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54303. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart