CVE-2025-24517

High

Published: 31 March 2025

Published

31 March 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0107 77.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24517 is a high-severity Use of Client-Side Authentication (CWE-603) vulnerability in Jvn (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match

prevent

AC-14 directly prohibits permitting sensitive actions like obtaining the product login password without identification or authentication, addressing the core client-side authentication flaw.

SC-14 Public Access Protections good match

prevent

SC-14 establishes protections for security-relevant information accessible publicly without authentication, mitigating remote unauthenticated retrieval of the login password.

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved authorizations for access to system resources, preventing unauthorized extraction of credentials due to inadequate client-side enforcement.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a client-side authentication bypass in a network-accessible product allowing remote unauthenticated retrieval of login credentials, directly enabling exploitation of a public-facing application for initial access and credential disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.

Deeper analysisAI

CVE-2025-24517 is a use of client-side authentication issue affecting all versions of CHOCO TEI WATCHER mini (IB-MCT001). Published on 2025-03-31T05:15:15.420, the vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-603.

A remote attacker requires no privileges or user interaction to exploit this vulnerability with low attack complexity. Successful exploitation allows the attacker to obtain the product login password without authentication, resulting in high-impact confidentiality loss.

Advisories from JVN (JVNVU#91154745), CISA (ICSA-25-084-04), the vendor (chocomini_vulnerability.pdf), and Nozomi Networks provide details on mitigations and patches for this issue.

Details

CWE(s): CWE-603

Affected Products

Jvn

—

inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-12868Shared CWE-603

CVE-2026-1363Shared CWE-603

CVE-2025-61940Shared CWE-603

CVE-2025-30042Shared CWE-603

References

https://jvn.jp/en/vu/JVNVU91154745/
vultures@jpcert.or.jp
https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04
vultures@jpcert.or.jp
https://www.inaba.co.jp/files/chocomini_vulnerability.pdf
vultures@jpcert.or.jp
https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording
vultures@jpcert.or.jp