CVE-2025-63225 — CRITICAL (9.8)

Vulnerability Description

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eurolab-Srl	Elts 100 Firmware	elts100v1.ubx
Eurolab-Srl	Elts 100	e118

Related Weaknesses (CWE)

CWE-284

References

http://eurolab-srl.com/Product
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-6322ExploitThird Party AdvisoryMitigation

FAQ

What is CVE-2025-63225?

CVE-2025-63225 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access...

How severe is CVE-2025-63225?

CVE-2025-63225 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-63225?

Check the references section above for vendor advisories and patch information. Affected products include: Eurolab-Srl Elts 100 Firmware, Eurolab-Srl Elts 100.