CVE-2025-63225

CRITICAL

9.8

Beschreibung

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht11/18/2025

Zuletzt geandert2/4/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

eurolab-srl:elts_100eurolab-srl:elts_100_firmware

Schwachen (CWE)

CWE-284

Referenzen

http://eurolab-srl.com/(cve@mitre.org)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63225_Eurolab_ELTS100_UBX_Broken_Access_Control(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.