CVE-2025-63205

Published: Nov 19, 2025Modified: Feb 3, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed.

Affected (5)

Products: Bridgetech: Vb220 Firmware, Vb120 Firmware, Vb330 Firmware, Vb440 Firmware, Nomad Portable Firmware

5 products

Nomad Portable Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bridgetech Vb220 Firmware	Version 6.5.0-9

Running on/with	Platform Versions
Bridgetech Vb220	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bridgetech Vb120 Firmware	Version 6.5.0-9

Running on/with	Platform Versions
Bridgetech Vb120	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bridgetech Vb330 Firmware	Version 6.5.0-9

Running on/with	Platform Versions
Bridgetech Vb330	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bridgetech Vb440 Firmware	Version 6.5.0-9

Running on/with	Platform Versions
Bridgetech Vb440	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bridgetech Nomad Portable Firmware	Version 6.5.0-9

Running on/with	Platform Versions
Bridgetech Nomad Portable	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://bridgetech.tv/

Source: cve@mitre.org

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63205_bridgetech%20probes%20Information%20Disclosure

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63205_bridgetech%20probes%20Information%20Disclosure

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.