{"id":86586,"date":"2026-03-02T03:29:56","date_gmt":"2026-03-02T03:29:56","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-52492-hard-coded-credentials-vulnerability-in-paxton-paxton10-firmware","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-52492-hard-coded-credentials-vulnerability-in-paxton-paxton10-firmware\/","title":{"rendered":"<strong>CVE-2025-52492: Hard-Coded Credentials Vulnerability in Paxton Paxton10 Firmware<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>This report discusses CVE-2025-52492, a critical vulnerability discovered in the firmware of Paxton Paxton10 versions prior to 4.6 SR6. This vulnerability is of significant concern as it could potentially lead to unauthorized access, information disclosure, and disruption of services. The vulnerability lies in the hard-coded credentials for the Twilio API found in the firmware file, rootfs.tar.gz.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-52492<br \/>\nSeverity: High (7.5 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Unauthorized access, information disclosure, potential service disruption, and unauthorized use of Twilio services.<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-299160738\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Paxton Paxton10 Firmware | Versions before 4.6 SR6<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>An attacker who obtains a copy of the vulnerable firmware can extract the hard-coded credentials for the Twilio API. These credentials can then be used to gain unauthorized access to the associated Twilio account. This could lead to a variety of impacts, including information disclosure, potential service disruption, and unauthorized use of the Twilio services.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-297728268\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Consider an attacker obtaining a copy of the firmware and running the following command to extract the hard-coded credentials:<\/p>\n<pre><code class=\"\" data-line=\"\">tar -xvf rootfs.tar.gz | grep -i &#039;Twilio&#039;<\/code><\/pre>\n<p>This command would extract the contents of the firmware file and search for any instances of &#8216;Twilio&#8217;, potentially revealing the hard-coded credentials.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This report discusses CVE-2025-52492, a critical vulnerability discovered in the firmware of Paxton Paxton10 versions prior to 4.6 SR6. This vulnerability is of significant concern as it could potentially lead to unauthorized access, information disclosure, and disruption of services. The vulnerability lies in the hard-coded credentials for the Twilio API found in the firmware [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86586","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86586"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86586\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86586"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86586"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86586"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86586"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86586"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86586"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}