CVE-2025-25037

Name of the Vulnerable Software and Affected Versions: Aquatronica Controller System firmware versions <= 5.1.6 Aquatronica Controller System web interface versions <= 2.0

Description: An information disclosure issue exists, allowing remote attackers to issue crafted POST requests to the "tcp.php" endpoint and retrieve sensitive configuration data, including plaintext administrative credentials, due to a lack of restriction on unauthenticated access. This can lead to full system compromise, enabling unauthorized manipulation of connected devices and aquarium parameters.

Recommendations: For Aquatronica Controller System firmware versions <= 5.1.6, update to a version greater than 5.1.6 to resolve the issue. For Aquatronica Controller System web interface versions <= 2.0, update to a version greater than 2.0 to resolve the issue. As a temporary workaround, consider restricting access to the "tcp.php" endpoint until a patch is available.