PT-2025-47469 · Axel Technology · Puma

Published: 2025-11-19 · Updated: 2025-11-19 · CVE-2025-63221

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Axel Technology Puma versions 0.8.5 through 1.0.3

Description: The devices are susceptible to Broken Access Control because of a lack of authentication on the /cgi-bin/gstFcgi.fcgi endpoint. This allows unauthenticated remote attackers to perform actions such as listing user accounts, creating new administrative users, deleting users, and modifying system settings, potentially resulting in full device compromise.

Recommendations: Apply updates to versions beyond 1.0.3.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-63221

Affected Products: Puma