CVE-2025-64385

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

CVSS 9.2 CRITICALEPSS 0.5%CWE-20

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.2EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

31 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Affected products

Circutor · TCPRS1plus

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cds.thalesgroup.com/es/s21sec https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./https://www.hackrtu.com/blog/cg-0day-en-003/