CVE-2025-54303
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-54303, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-04

Last updated on: 2025-12-16

Assigner: MITRE

Description

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-04
Last Modified
2025-12-16
Generated
2026-07-06
AI Q&A
2025-12-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
thermofisher torrent_suite_software 5.18.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Thermo Fisher Torrent Suite Django application version 5.18.1 having weak default credentials. Specifically, the ionadmin user account uses a default password 'ionadmin' stored as fixtures for the Django ORM API. Although the user guide recommends changing these default credentials, there is no enforced password change policy for default administrative accounts. As a result, many deployments may still use these default credentials, allowing attackers to authenticate with administrative privileges.

Impact Analysis

If the default credentials are not changed, an attacker can easily authenticate as an administrator using the ionadmin account. This grants them administrative privileges, potentially allowing unauthorized access, control, and manipulation of the application and its data.

Detection Guidance

This vulnerability can be detected by attempting to authenticate to the Thermo Fisher Torrent Suite Django application using the default credentials: username 'ionadmin' and password 'ionadmin'. Checking for the presence of the ionadmin user account with default password on deployments is key. Specific commands are not provided in the available information.

Mitigation Strategies

Immediate mitigation steps include changing the default credentials for the ionadmin user account to a strong, unique password. Since the application does not enforce a password change policy for default administrative accounts, manual password updates are necessary to prevent unauthorized administrative access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54303. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart