CVE 9.8 CRITICAL

CVE-2025-63210_CVE-2025-63210

November 19, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

AI Analysis

Authentication bypass vulnerability in Newtec Celox UHD firmware version celox-21.6.13, allowing attackers to gain Superuser or Operator access without valid credentials.

Basic Information

ID CVE-2025-63210

Source mitre

Published Nov 19, 2025 at 00:00

Modified Nov 19, 2025 at 18:24

Affected Product

Vendor Newtec

Product Newtec Celox UHD

Version celox-21.6.13

Affected Versions n/a n/a n/a

CWE Classification

CWE-287 CWE-303 CWE-302

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Newtec

Product Newtec Celox UHD

Version celox-21.6.13

References

{
    "lastseen": "",
    "description": "The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.",
    "published": "2025-11-19T00:00:00.000Z",
    "modified": "2025-11-19T18:24:00.875Z",
    "type": "cve",
    "title": "CVE-2025-63210",
    "source": "mitre",
    "references": "https://www.newtec.com/\nhttps://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation",
    "id": "CVE-2025-63210",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287",
        "CWE-303",
        "CWE-302"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Newtec Celox UHD",
    "version": "celox-21.6.13",
    "vendor": "Newtec",
    "ai_description": "Authentication bypass vulnerability in Newtec Celox UHD firmware version celox-21.6.13, allowing attackers to gain Superuser or Operator access without valid credentials.",
    "ai_severity": "Critical",
    "ai_vendor": "Newtec",
    "ai_product": "Newtec Celox UHD",
    "ai_version": "celox-21.6.13",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply