Threat Advisory

ARC Solo vulnerability allows unauthenticated device takeover

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:
A critical authentication bypass vulnerability, CVE-2025-5095, has been identified in ARC Solo broadcasting devices, with a high CVSS v3 score of 9.8. The issue stems from the device’s password-change feature, which fails to perform proper authentication or session validation, allowing attackers to submit password change requests over HTTP without any credentials and effectively take control of the device. Exploiting this flaw could enable unauthorized access, lock out legitimate administrators, and disrupt broadcasting operations.

RECOMMENDATION:
We recommend you update to ARC Solo v1.0.62 or later.
