CVE-2025-63210
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| newtec | celox_uhd | celox-21.6.13 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-303 | The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect. |
| CWE-302 | The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
