PT-2025-53595 · Comtech Ef Data · Cdm-625A+1

Shiky8

Publicado

2025-12-26

Atualizado

2026-01-02

CVE-2025-67015

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem version 2.5.1

Description A flaw in access control within the Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem firmware allows attackers to modify the Administrator password and gain elevated privileges. This is achieved by submitting a specially crafted POST request to the /Forms/admin access 1 API endpoint. The vulnerability allows unauthorized modification of administrative credentials.

Recommendations Apply updates to address the access control issue in the affected modem firmware version 2.5.1.

Exploit

Correção

LPE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2025-67015

Produtos afetados

Cdm-625

Cdm-625A

PT-2025-53595 · Comtech Ef Data · Cdm-625A+1

CVE-2025-67015

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8