CVE-2025-53914
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-12
Assigner: Fluid Attacks
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| calix | gigacenter_ont | 844e |
| calix | gigacenter_ont | 812g |
| calix | gigacenter_ont | 844g |
| calix | gigacenter_ont | 818g |
| calix | gigacenter_ont | 844ge |
| calix | gigacenter_ont | 854ge |
| calix | gigacenter_ont | 813g |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53914 is a critical firmware vulnerability in Calix GigaCenter ONT devices that use Broadcom SoC modules. It allows an attacker with physical access to gain unauthenticated root access via the UART debugging interface. The UART console connected to the Broadcom SoC does not require authentication, so by physically disassembling the device and connecting to the UART pins with a USB-to-UART interface, an attacker can access a root shell without credentials. This enables full control over the device, including viewing sensitive files and modifying firmware. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows an attacker with physical access to gain full root control of the affected device. The attacker can view sensitive information such as user accounts and configuration files, create persistent backdoors, modify system services, and alter firmware. This compromises the security and integrity of the device, potentially leading to unauthorized access, data theft, and persistent device compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability cannot be detected via network commands as it requires physical access to the device's UART debugging interface. Detection involves physically disassembling the router, locating the UART pins on the PCB near the Broadcom SoC, and connecting a USB-to-UART interface (e.g., Bus Pirate or FTDI) set to a baud rate of 115200. If a root shell is accessible without authentication, the device is vulnerable. There are no specific network commands to detect this remotely. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the R12.2.13.4 firmware patch provided by the vendor. Since the patch is only accessible to authorized users, end users should contact their broadband service providers (BSPs) to have the update applied. Additionally, physical security measures should be enforced to prevent unauthorized physical access to the device's UART interface. [1]