9.8

CVE-2025-63225

Exploit

EPSS 0.59%
Veröffentlicht 18.11.2025 00:00:00
Zuletzt bearbeitet 04.02.2026 20:54:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eurolab-srl ≫ Elts 100 Firmware Versionelts100v1.ubx

Eurolab-srl ≫ Elts 100 Versione118

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.686

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://eurolab-srl.com/

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63225_Eurolab_ELTS100_UBX_Broken_Access_Control

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-63225

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-63225

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-63225

EUVD