CVE-2025-63225CRITICAL 9.8EPSS p41.6%

CVE-2025-63225CVE-2025-63225

Description

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.55% probability of exploitation · percentile 41.6% · 2026-06-18T12:00:27Z
Published2025-11-18
Last modified2026-02-04

Underlying weaknesses· 1

CWE-284

References

  1. http://eurolab-srl.com/
  2. https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63225_Eurolab_ELTS100_UBX_Broken_Access_Control

1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-2840%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-0674
CVE
CVE-2025-28202
CVE
CVE-2025-41651
CVE
CVE-2025-63210
CVE
CVE-2025-3090
CVE
CVE-2025-63207
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.