Home / Vulnerability Intelligence / CVE-2025-63409

CVE-2025-63409 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 25, 2026

GCOM EPON - Broken Access Control

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

GCOM EPON 1GE C00R371V00B01 contains a broken access control vulnerability caused by improper access control, letting remote authenticated users modify administrator settings and extract credentials, exploit requires authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 10.3%(Probability of exploitation in next 30 days)

Impact

Remote authenticated users can modify admin settings and extract credentials, leading to full administrative control compromise.

Mitigation

Update to the latest version or apply vendor patches addressing access control.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Feb 25, 2026

🟠 CVE-2025-63409 - High (8.8) Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-63409/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Feb 25, 2026

View original post

Related Resources

Details

CVE ID: CVE-2025-63409
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 10.3%
Social Posts: 2

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

10.3%Probability of exploitation in the next 30 days