CVE-2025-63206 · CRITICAL 9.8 · EPSS p37.8%

Description

An authentication bypass issue was discovered in Dasan Switch DS2924 web-based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.48% probability of exploitation · percentile 37.8% · 2026-06-18T12:00:27Z
Published: 2025-11-19
Last modified: 2025-12-31

Underlying weaknesses · 1

CWE-306

References

  1. http://dasansmc.com/
  2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass

Type: Weakness
Target: Missing Authentication for Critical Function (cwe-306)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-52079
  2. CVE-2025-2619
  3. CVE-2025-60772
  4. CVE-2026-20998
  5. CVE-2025-44083
  6. CVE-2025-2621

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.