Vulnerability Description
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Axeltechnology | Wolf1Ms Firmware | >= 0.8.5, <= 1.0.3 |
| Axeltechnology | Wolf1Ms | - |
| Axeltechnology | Wolf2Ms Firmware | >= 0.8.5, <= 1.0.3 |
| Axeltechnology | Wolf2Ms | - |
Related Weaknesses (CWE)
References
- https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-6321ExploitThird Party Advisory
- https://www.axeltechnology.com/Product
FAQ
What is CVE-2025-63218?
CVE-2025-63218 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthen...
How severe is CVE-2025-63218?
CVE-2025-63218 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-63218?
Check the references section above for vendor advisories and patch information. Affected products include: Axeltechnology Wolf1Ms Firmware, Axeltechnology Wolf1Ms, Axeltechnology Wolf2Ms Firmware, Axeltechnology Wolf2Ms.