CVE-2025-64385

INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

CVSS 9.2 CRITICALEPSS 0.5%CWE-20

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.2EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

31 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

Productos afectados

Circutor · TCPRS1plus

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cds.thalesgroup.com/es/s21sec https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./https://www.hackrtu.com/blog/cg-0day-en-003/