CVE-2025-63210

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

Ссылки

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation
Exploit
Third Party Advisory
https://www.newtec.com/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:newtec:celoxa504_firmware:celox-21.6.13:*:*:*:*:*:*:*

cpe:2.3:h:newtec:celoxa504:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:newtec:celoxa820_firmware:celox-21.6.13:*:*:*:*:*:*:*

cpe:2.3:h:newtec:celoxa820:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00162

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-m3w6-c4j9-5c65