CVE 9 CRITICAL

CVE-2025-63729_CVE-2025-63729

November 25, 2025 invoker category_cve

9 / 10

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Description

An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.

AI Analysis

Extraction of sensitive certificates and private key

Basic Information

ID CVE-2025-63729

Source mitre

Published Nov 25, 2025 at 00:00

Modified Nov 25, 2025 at 16:54

Affected Product

Vendor Syrotech

Product SY-GPON-1110-WDONT

Version SYRO_3.7L_3.1.02-240517

Affected Versions n/a n/a n/a

CWE Classification

CWE-532 CWE-312 CWE-200

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor Syrotech

Product SY-GPON-1110-WDONT

Version SYRO_3.7L_3.1.02-240517

References

github.com /Yashodhanvivek/CVE-2025-63729-Syrotech-SY-GPON-1110-/blob/main/Syrotech_SY-GPON-1110-WDONT_Security_Assessment.pdf

{
    "lastseen": "",
    "description": "An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL Private Key, CA Certificate, SSL Certificate, and Client Certificates in .pem format in firmware in etc folder.",
    "published": "2025-11-25T00:00:00.000Z",
    "modified": "2025-11-25T16:54:16.174Z",
    "type": "cve",
    "title": "CVE-2025-63729",
    "source": "mitre",
    "references": "https://github.com/Yashodhanvivek/CVE-2025-63729-Syrotech-SY-GPON-1110-/blob/main/Syrotech_SY-GPON-1110-WDONT_Security_Assessment.pdf",
    "id": "CVE-2025-63729",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532",
        "CWE-312",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SY-GPON-1110-WDONT",
    "version": "SYRO_3.7L_3.1.02-240517",
    "vendor": "Syrotech",
    "ai_description": "Extraction of sensitive certificates and private key",
    "ai_severity": "Critical",
    "ai_vendor": "Syrotech",
    "ai_product": "SY-GPON-1110-WDONT",
    "ai_version": "SYRO_3.7L_3.1.02-240517",
    "ai_score": 9
}

💭 Join the Security Discussion ❌ Cancel Reply