CVE-2025-36535CRITICAL 10.0EPSS p57.3%

CVE-2025-36535CVE-2025-36535

Description

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.97% probability of exploitation · percentile 57.3% · 2026-06-19T12:03:05Z
Published2025-05-21
Last modified2026-04-15

Underlying weaknesses· 1

CWE-306

References

  1. https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-6542
CVE
CVE-2025-3090
CVE
CVE-2025-59817
CVE
CVE-2025-52692
CVE
CVE-2025-41651
CVE
CVE-2025-6541
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.