CVE-2025-63205
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-19
Last updated on: 2026-02-03
Assigner: MITRE
Description
Description
An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bridgetech | nomad | 6.5.0 |
| bridgetech | vb120_embedded_ip_rf_probe | 6.5.0 |
| bridgetech | vb220_ip_network_probe | 6.5.0 |
| bridgetech | vb330_high-capacity_probe | 6.5.0 |
| bridgetech | vb440_st_2110_production_analytics_probe | 6.5.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain bridgetech probes firmware versions 6.5.0-9, where attackers can access the /probe/core/setup/passwd endpoint to obtain sensitive information such as administrator passwords.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain access to administrator passwords, potentially allowing unauthorized control over the affected devices and compromising the security of the network or system where these probes are deployed.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70