LeakyCreds

CVE-2025-71056 - Vulnerability Analysis

Critical | CVSS: 9.1

Last Updated: February 25, 2026

GCOM EPON 1GE ONU - Authentication Bypass

Published: February 23, 2026 | Updated: February 25, 2026 | Remote Exploitable

Overview

GCOM EPON 1GE ONU version C00R371V00B01 contains an improper session management vulnerability that can be exploited through IP address spoofing, letting attackers hijack sessions. Exploitation requires spoofing an authenticated user's IP address.

Severity & Score

Severity: Critical
CVSS Score: 9.1

Impact

Attackers can hijack authenticated user sessions, potentially gaining unauthorized access to the system.

Mitigation

Update to the latest version that fixes the session management issue.

Details

CVE ID: CVE-2025-71056
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: unconfirmed

CWE

  • CWE-290

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N