CVE-2025-0674

Multiple Elber products are affected by an authentication bypass 
vulnerability which allows unauthorized access to the password 
management functionality. Attackers can exploit this issue by 
manipulating the endpoint to overwrite any user's password within the 
system. This grants them unauthorized administrative access to protected
 areas of the application, compromising the device's system security.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-03