CVE-2025-6525

low

Description

A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://vuldb.com/?submit.595446

https://vuldb.com/?id.313642

https://vuldb.com/?ctiid.313642

https://github.com/geo-chen/70mai/blob/main/README.md#finding-3-unauthorised-configuration-change

Details

Source: Mitre, NVD

Published: 2025-06-23

Updated: 2025-06-23

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 2.1

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00012