CVE-2025-6685 · HIGH 8.8 · EPSS p46.4%

Description

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.

Scoring

CVSS 3.0: 8.8 (HIGH)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% probability of exploitation · percentile 46.4% · 2026-06-18T12:00:27Z
Published: 2025-09-02
Last modified: 2026-02-26

Underlying weaknesses · 1

CWE-862

References

  1. https://www.aten.com/global/en/supportcenter/info/security-advisory/25/
  2. https://www.zerodayinitiative.com/advisories/ZDI-25-650/

Type: Weakness · Target: Missing Authorization (cwe-862) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-32658
  2. CVE-2025-20164
  3. CVE-2025-46066
  4. CVE-2025-61429
  5. CVE-2025-22477
  6. CVE-2026-5786

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.