CVE-2025-63225

CRITICAL

9.8

Description

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/18/2025

Derniere modification2/4/2026

Sourcenvd

Observations honeypot0

Produits affectes

eurolab-srl:elts_100eurolab-srl:elts_100_firmware

Faiblesses (CWE)

CWE-284

References

http://eurolab-srl.com/(cve@mitre.org)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63225_Eurolab_ELTS100_UBX_Broken_Access_Control(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.