CVE-2025-63218 · CRITICAL 9.8 · EPSS p43.0%

Description

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.58% probability of exploitation · percentile 43.0% · 2026-06-18T12:00:27Z
Published: 2025-11-19
Last modified: 2026-01-12

Underlying weaknesses · 2

CWE-284, CWE-285

References

  1. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control
  2. https://www.axeltechnology.com/

Type      Target                             Confidence  Tier
Weakness  Improper Access Control (cwe-284)  0%          live
Weakness  Improper Authorization (cwe-285)   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-63221
CVE-2025-63223
CVE-2025-28202
CVE-2026-1185
CVE-2025-30026
CVE-2025-58083

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.