CVE 10 CRITICAL

CVE-2025-29270_CVE-2025-29270

October 31, 2025 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.

AI Analysis

Authentication bypass vulnerability in DSE855 devices due to incorrect access control in the realtime.cgi endpoint

Basic Information

ID CVE-2025-29270

Source mitre

Published Oct 31, 2025 at 00:00

Modified Oct 31, 2025 at 19:20

Affected Product

Vendor Deep Sea Electronics

Product DSE855

Version v1.1.0 to v1.1.26

Affected Versions n/a n/a n/a

CWE Classification

CWE-200 CWE-284

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Deep Sea Electronics

Product DSE855

Version v1.1.0 to v1.1.26

References

blog.byteray.co.uk /shadow-entry-discovery-of-authentication-bypass-vulnerability-in-dse855-communications-device-938e35d4b361

{
    "lastseen": "",
    "description": "Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.",
    "published": "2025-10-31T00:00:00.000Z",
    "modified": "2025-10-31T19:20:26.805Z",
    "type": "cve",
    "title": "CVE-2025-29270",
    "source": "mitre",
    "references": "https://blog.byteray.co.uk/shadow-entry-discovery-of-authentication-bypass-vulnerability-in-dse855-communications-device-938e35d4b361",
    "id": "CVE-2025-29270",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DSE855",
    "version": "v1.1.0 to v1.1.26",
    "vendor": "Deep Sea Electronics",
    "ai_description": "Authentication bypass vulnerability in DSE855 devices due to incorrect access control in the realtime.cgi endpoint",
    "ai_severity": "Critical",
    "ai_vendor": "Deep Sea Electronics",
    "ai_product": "DSE855",
    "ai_version": "v1.1.0 to v1.1.26",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply