CVE-2025-63210CRITICAL 9.8EPSS p38.6%

CVE-2025-63210CVE-2025-63210

Description

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.50% probability of exploitation · percentile 38.6% · 2026-06-18T12:00:27Z
Published2025-11-19
Last modified2026-01-15

Underlying weaknesses· 3

CWE-287CWE-302CWE-303

References

  1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation
  2. https://www.newtec.com/

3

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live
WeaknessAuthentication Bypass by Assumed-Immutable Datacwe-3020%live
WeaknessIncorrect Implementation of Authentication Algorithmcwe-3030%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-63225
CVE
CVE-2025-52376
CVE
CVE-2025-26390
CVE
CVE-2025-46412
CVE
CVE-2025-52689
CVE
CVE-2025-13184
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.