CVE-2025-63210
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-63210, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-19

Last updated on: 2025-11-19

Assigner: MITRE

Description

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-19
Last Modified
2025-11-19
Generated
2026-07-06
AI Q&A
2025-11-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
newtec celox_uhd celox-21.6.13

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-302 The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.
CWE-303 The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in Newtec Celox UHD devices (models CELOXA504, CELOXA820) running firmware celox-21.6.13 allows an attacker to bypass authentication by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response during the loginWithUserName process, the attacker can gain Superuser or Operator access without valid credentials.

Impact Analysis

This vulnerability can allow an attacker to gain unauthorized Superuser or Operator access to the affected device, potentially leading to full control over the device, unauthorized configuration changes, data exposure, or disruption of services.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-63210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart