CVE-2025-6527

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611

Description: A problematic issue was found in the Web Server component, affecting an unknown function. This leads to improper access controls. The attack can only be initiated within the local network and has a rather high complexity, with difficult exploitability. The exploit has been disclosed to the public.

Recommendations: For 70mai M300 versions up to 20250611, consider restricting access to the Web Server component to minimize the risk of exploitation. As a temporary workaround, consider disabling unknown functions of the Web Server component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.