CVE-2025-63409 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: February 25, 2026
GCOM EPON - Broken Access Control
Published: February 24, 2026 | Updated: February 25, 2026 | Remote Exploitable
Overview
GCOM EPON 1GE C00R371V00B01 contains a broken access control vulnerability: improper access control lets remote authenticated users modify administrator settings and extract credentials. Exploitation requires authentication.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Remote authenticated users can modify admin settings and extract credentials, leading to full compromise of administrative control.
Mitigation
Update to the latest version or apply vendor patches addressing access control.
Details
- CVE ID: CVE-2025-63409
- Severity: High
- CVSS Score: 8.8
- Type: broken_access_control
- Status: unconfirmed
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H