PT-2025-26648 · 70Mai · 70Mai 1S
Geochen · Published 2025-06-23 · Updated 2025-06-24 · CVE-2025-6525
CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
70mai 1S up to 20250611
Description:
A vulnerability was found in the Configuration Handler component, affecting the file /cgi-bin/Config.cgi?action=set. It leads to improper authorization. The attack must be launched from within the local network.
Recommendations:
For 70mai 1S up to 20250611, restrict access to the Config.cgi file and the action=set parameter to minimize the risk of exploitation.
As a temporary workaround, consider disabling the Configuration Handler component until a patch is available.
Avoid using the /cgi-bin/Config.cgi?action=set endpoint until the issue is resolved.
Improper Authorization
Incorrect Privilege Assignment
Affected Products
70Mai 1S