BrightSign%20OS%20series%204%20players

BrightSign OS series 4 players

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-54756

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-8.6||HIGH

EPSS-Not Assigned

Published-12 Feb, 2026 | 16:34

Updated-12 Feb, 2026 | 18:45

BrightSign Players Use of Default Credentials

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all default passwords.

Vendor-BrightSign

Product-BrightSign OS series 4 players BrightSign OS series 5 players

CWE ID-CWE-1392

Use of Default Credentials

CVE-2025-3925

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

View Details

Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)

CVSS Score-8.5||HIGH

EPSS-0.03% / 8.27%

7 Day CHG~0.00%

Published-07 May, 2025 | 20:18

Updated-08 May, 2025 | 14:39

BrightSign Players Execution with Unnecessary Privileges

BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.

Vendor-BrightSign

Product-BrightSign OS series 5 players BrightSign OS series 4 players

CWE ID-CWE-250

Execution with Unnecessary Privileges