PT-2025-47500 · Newtec · Celoxa504 +2

Published 2025-11-19 · Updated 2025-11-20 · CVE-2025-63210

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Newtec Celox UHD versions celox-21.6.13

Description

The Newtec Celox UHD (models CELOXA504, CELOXA820) is affected by an authentication bypass. An attacker can gain Superuser or Operator access without valid credentials by modifying intercepted responses from the /celoxservice endpoint during the loginWithUserName flow. This is achieved by injecting a forged response body.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /celoxservice endpoint.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-63210

Affected Products

Celoxa504
Celoxa820
Newtec Celox Uhd