CVE-2025-9589
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9589
EUVD
EUVD-2025-26151
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cudy wr1200ea 2.3.7
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1393 The product uses default passwords for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Cudy WR1200EA device version 2.3.7-20250113-121810, specifically related to an unknown function involving the /etc/shadow file. An attacker with local access can manipulate the system to cause it to use a default password. The attack is complex and difficult to exploit, but the exploit has been publicly disclosed and may be used.

Impact Analysis

If exploited, this vulnerability could allow an attacker with local access to bypass normal authentication by causing the system to use a default password. This could lead to unauthorized access to the device or system, potentially compromising security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart