CVE-2025-9964
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-23

Last updated on: 2026-03-31

Assigner: CyberDanube

Description
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-23
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2025-09-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-9964
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
novakon iface_rt *
novakon p_series v2001.a.c518o2
novakon pseriesbiosinterface *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-521 The product does not require that users should have strong passwords.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the Novakon P series devices do not have a password set for the root user. This lack of a root password allows physical attackers to easily access the device's console without any authentication.

Impact Analysis

An attacker with physical access to the device can gain unrestricted root access to the system, potentially leading to unauthorized control, data manipulation, or disruption of device operations.

Mitigation Strategies

Set a strong password for the root user on the Novakon P series device to prevent unauthorized physical access to the console.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart