← Back

CVE-2025-63225

nvd nist
Published: Nov 18, 2025Modified: Feb 4, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive system and network configurations, upload firmware, and execute unauthorized actions without any form of authentication. This vulnerability allows remote attackers to fully compromise the device, control its functionality, and disrupt its operation.

Affected (1)

Eurolab Srl
1 product
Elts 100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Elts 100 Firmware
Version elts100v1.ubx
Running on/withPlatform Versions
Eurolab Srl
Elts 100
Version e118

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
ExploitThird Party AdvisoryMitigation

Timeline

No history available yet.