CVE-2025-63729

CVSS v3.1

9.0

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Syrotech SY-GPON-1110-WDONT SYRO 3.7L 3.1.02-240517

Description An issue exists in Syrotech SY-GPON-1110-WDONT firmware where an attacker can extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format from the etc folder.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Insertion into Log File

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-532CWE-312

Related Identifiers

CVE-2025-63729

Affected Products

Sy-Gpon-1110-Wdont

CVE-2025-63729

Weakness Enumeration

Related Identifiers

Affected Products

References · 6