CVE-2025-6685
BaseFortify
Publication date: 2025-09-02
Last updated on: 2026-02-26
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aten | eco_dc | * |
| aten | eco_dc | 1.2.116 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6685 is a privilege escalation vulnerability in the ATEN eco DC product. It exists because the web-based interface does not properly validate the assigned user roles when handling requests. This flaw allows authenticated remote attackers to escalate their privileges and gain access to resources that should normally be restricted based on their user role. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker who already has some level of access to the ATEN eco DC system to escalate their privileges remotely over the network. This means they could gain unauthorized access to sensitive resources, potentially compromising confidentiality, integrity, and availability of the system. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the ATEN eco DC firmware to version V1.2.116 or later, as this version contains the patch that fixes the missing authorization checks allowing privilege escalation. [1, 2]