CVE-2025-63210
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| newtec | celox_uhd | celox-21.6.13 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-302 | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-303 | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Newtec Celox UHD devices (models CELOXA504, CELOXA820) running firmware celox-21.6.13 allows an attacker to bypass authentication by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response during the loginWithUserName process, the attacker can gain Superuser or Operator access without valid credentials.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to gain unauthorized Superuser or Operator access to the affected device, potentially leading to full control over the device, unauthorized configuration changes, data exposure, or disruption of services.