CVE-2025-6763 · HIGH 8.1 · EPSS p62.9%


Description

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. The issue affects some unknown functionality of the file /setupA.cfg in the Web-based Management Interface component. Manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack, and exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.16% probability of exploitation · percentile 62.9% · 2026-06-19T12:03:05Z
Published: 2025-06-27
Last modified: 2025-10-08

Underlying weaknesses · 2

CWE-287, CWE-306

References

  1. https://github.com/zeke2997/CVE_request_comet_system
  2. https://github.com/zeke2997/CVE_request_comet_system#poc
  3. https://vuldb.com/?ctiid.314074
  4. https://vuldb.com/?id.314074
  5. https://vuldb.com/?submit.599848


Type      Target                                                 Confidence  Tier
Weakness  Improper Authentication (cwe-287)                      0%          live
Weakness  Missing Authentication for Critical Function (cwe-306)  0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-7862
CVE-2025-3663
CVE-2025-41651
CVE-2026-35904
CVE-2025-5763
CVE-2025-6541
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.