CVE-2025-67015
Improper Access Control in Comtech CDM-625 Allows Privilege Escalation
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comtech_ef_data | cdm-625 | 2.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect access control issue in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1. It allows attackers to change the Administrator password and escalate privileges by sending a specially crafted POST request to the /Forms/admin_access_1 endpoint.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain unauthorized administrative access to the affected modem by changing the Administrator password. This privilege escalation can lead to full control over the device, potentially allowing the attacker to disrupt communications, alter configurations, or use the device for malicious purposes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted POST requests to the endpoint /Forms/admin_access_1 on the Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem. Network traffic analysis tools like tcpdump or Wireshark can be used to capture and inspect HTTP POST requests targeting this path. For example, a command like `tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/Forms/admin_access_1'` can help identify suspicious POST requests. Additionally, reviewing web server logs on the device for POST requests to /Forms/admin_access_1 may reveal attempts to exploit this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /Forms/admin_access_1 endpoint to trusted administrators only, such as by implementing network-level access controls or firewall rules. Additionally, monitoring and blocking suspicious POST requests to this endpoint can help prevent exploitation. If possible, update the firmware to a version that addresses this access control issue once available. Until a patch is released, consider isolating the device from untrusted networks to reduce exposure. [1]