CVE-2025-6685
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2026-02-26

Assigner: Zero Day Initiative

Description
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-6685
EUVD
EUVD-2025-26443
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
aten eco_dc *
aten eco_dc 1.2.116
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-6685 is a privilege escalation vulnerability in the ATEN eco DC product. It exists because the web-based interface does not properly validate the assigned user roles when handling requests. This flaw allows authenticated remote attackers to escalate their privileges and gain access to resources that should normally be restricted based on their user role. [1, 2]

Impact Analysis

This vulnerability can allow an attacker who already has some level of access to the ATEN eco DC system to escalate their privileges remotely over the network. This means they could gain unauthorized access to sensitive resources, potentially compromising confidentiality, integrity, and availability of the system. [1, 2]

Mitigation Strategies

To mitigate this vulnerability, immediately update the ATEN eco DC firmware to version V1.2.116 or later, as this version contains the patch that fixes the missing authorization checks allowing privilege escalation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6685. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart