CVE-2025-11942
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-19
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11942
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
70mai x200_firmware to 2025-10-10 (inc)
70mai x200 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the 70mai X200 device's Pairing component, where an unknown function fails to enforce authentication. This missing authentication flaw allows remote attackers to bypass authentication and gain unauthorized access to the device. The exploit is publicly available and can be launched remotely without any user interaction or privileges. [2]

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized remote access to the device, compromising its confidentiality, integrity, and availability. Attackers can manipulate the device without authentication, potentially causing resource exhaustion or other malicious actions. Since the vulnerability is remotely exploitable and publicly known, it poses a high risk to affected devices. [2]

Detection Guidance

Detection can be performed by monitoring network traffic for unauthorized pairing attempts to the 70mai X200 device, as the vulnerability allows remote attackers to bypass authentication on the pairing function. Since a proof-of-concept exploit is publicly available on GitHub, you can use it to test if your device is vulnerable. Specific commands are not provided in the resources, but using network scanning tools to detect unusual pairing requests or attempts to access the pairing component remotely is recommended. [1, 2]

Mitigation Strategies

Immediate mitigation steps include applying restrictive firewall rules to block unauthorized remote access to the 70mai X200 device, especially blocking access to the pairing component remotely. Since no vendor patches or active countermeasures are currently available, network-level restrictions are the primary defense to prevent exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11942. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart