Vulnerability Details CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/OpenC3/cosmos/pull/1816
- https://github.com/OpenC3/cosmos/pull/1816/commits/cce64c213fd2e6a70e2ccbf3622949fe8f9dcaef
- https://github.com/OpenC3/cosmos/releases/tag/v6.0.2
- https://openc3.com/
- https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/