CVE-2025-67013

Exploit

EPSS 0.01%
Veröffentlicht 26.12.2025 00:00:00
Zuletzt bearbeitet 02.01.2026 16:10:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Etlsystems ≫ D0116s1ula-22454 Firmware Version1.8

Etlsystems ≫ D0116s1ula-22454 Version-

Etlsystems ≫ D0116s1uia-22474 Firmware Version1.8

Etlsystems ≫ D0116s1uia-22474 Version-

Etlsystems ≫ C0401s1ula-22418 Firmware Version1.8

Etlsystems ≫ C0401s1ula-22418 Version-

Etlsystems ≫ C0801s1ula-22420 Firmware Version1.8

Etlsystems ≫ C0801s1ula-22420 Version-

Etlsystems ≫ C1601s1ula-22422 Firmware Version1.8

Etlsystems ≫ C1601s1ula-22422 Version-

Etlsystems ≫ C0401s1ula-22455 Firmware Version1.8

Etlsystems ≫ C0401s1ula-22455 Version-

Etlsystems ≫ C0801s1ula-22457 Firmware Version1.8

Etlsystems ≫ C0801s1ula-22457 Version-

Etlsystems ≫ C1601s1ula-22459 Firmware Version1.8

Etlsystems ≫ C1601s1ula-22459 Version-

Etlsystems ≫ C1601s1uia-22479 Firmware Version1.8

Etlsystems ≫ C1601s1uia-22479 Version-

Etlsystems ≫ D0104d1ula-22411 Firmware Version1.8

Etlsystems ≫ D0104d1ula-22411 Version-

Etlsystems ≫ D0108d1ula-22413 Firmware Version1.8

Etlsystems ≫ D0108d1ula-22413 Version-

Etlsystems ≫ D0104d1ula-22451 Firmware Version1.8

Etlsystems ≫ D0104d1ula-22451 Version-

Etlsystems ≫ D0108d1ula-22453 Firmware Version1.8

Etlsystems ≫ D0108d1ula-22453 Version-

Etlsystems ≫ D0108d1uia-22473 Firmware Version1.8

Etlsystems ≫ D0108d1uia-22473 Version-

Etlsystems ≫ C0401d1ula-22419 Firmware Version1.8

Etlsystems ≫ C0401d1ula-22419 Version-

Etlsystems ≫ C0801d1ula-22421 Firmware Version1.8

Etlsystems ≫ C0801d1ula-22421 Version-

Etlsystems ≫ C0401d1ula-22456 Firmware Version1.8

Etlsystems ≫ C0401d1ula-22456 Version-

Etlsystems ≫ C0801d1ula-22458 Firmware Version1.8

Etlsystems ≫ C0801d1ula-22458 Version-

Etlsystems ≫ C0401d1uia-22476 Firmware Version1.8

Etlsystems ≫ C0401d1uia-22476 Version-

Etlsystems ≫ H0108d1ula-22431 Firmware Version1.8

Etlsystems ≫ H0108d1ula-22431 Version-

Etlsystems ≫ H0104d1ula-22460 Firmware Version1.8

Etlsystems ≫ H0104d1ula-22460 Version-

Etlsystems ≫ H0108d1ula-22461 Firmware Version1.8

Etlsystems ≫ H0108d1ula-22461 Version-

Etlsystems ≫ D0104s1ula-22410 Firmware Version1.8

Etlsystems ≫ D0104s1ula-22410 Version-

Etlsystems ≫ D0108s1ula-22412 Firmware Version1.8

Etlsystems ≫ D0108s1ula-22412 Version-

Etlsystems ≫ D0116s1ula-22414 Firmware Version1.8

Etlsystems ≫ D0116s1ula-22414 Version-

Etlsystems ≫ D0104s1ula-22450 Firmware Version1.8

Etlsystems ≫ D0104s1ula-22450 Version-

Etlsystems ≫ D0108s1ula-22452 Firmware Version1.8

Etlsystems ≫ D0108s1ula-22452 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://www.etlsystems.com/

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67013%20_%20ETL%20Systems%20Ltd%20DEXTRA%20Series%20_%20CSRF

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-67013

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-67013

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-67013

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-67013