CVE-2025-63207
Published: 19 November 2025
Summary
CVE-2025-63207 is a critical-severity Improper Authentication (CWE-287) vulnerability in Rvr Tex30Lcd/S Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-2 (Account Management).
Deeper analysis
CVE-2025-63207 affects the R.V.R Elettronica TEX product, specifically firmware version TEXL-000400 and Web GUI version TLAN-000400. The vulnerability is a broken access control issue stemming from improper authentication checks on the /_Passwd.html endpoint, classified under CWE-287 (Improper Authentication). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impact on confidentiality, integrity, and availability.
A remote, unauthenticated attacker can exploit this vulnerability by sending a POST request to the /_Passwd.html endpoint without any authentication. Successful exploitation allows the attacker to change the passwords for Admin, Operator, and User accounts, resulting in complete system compromise and full control over the device.
Mitigation details and further information are available in the referenced advisories, including the vulnerability research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63207_RVR%20Elettronica%20TEX%20Broken%20Access%20Control and the vendor website at https://www.rvr.it/en/.
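Because the device accepts the password-change POST without authentication, a successful request looks like any other 200 response; the signal a defender can act on is a POST to /_Passwd.html that carries no authenticated identity or arrives from outside the management network. The following detector is an added example written for this page, not code from the advisory, the research repository or R.V.R Elettronica. It assumes the device's web GUI sits behind a reverse proxy (or the device itself) writing Common Log Format access logs with the authenticated user in the third field, and that management traffic is confined to an assumed 192.0.2.0/24 network; the log lines are constructed.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List

# Constructed sample access log (Common Log Format with referer and user agent).
# These are illustrative lines, not captures from a real TEX device.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Nov/2025:10:01:02 +0000] "POST /_Passwd.html HTTP/1.1" 200 512 "-" "curl/8.4.0"
192.0.2.10 - admin [19/Nov/2025:10:02:30 +0000] "POST /_Passwd.html HTTP/1.1" 200 512 "https://tex.example.invalid/_Passwd.html" "Mozilla/5.0"
198.51.100.4 - - [19/Nov/2025:10:03:45 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Nov/2025:10:04:10 +0000] "POST /_Passwd.html HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The credential-changing endpoint named in the advisory.
SENSITIVE_PATHS = {"/_Passwd.html"}
# Assumed: only this network is allowed to reach the device's management GUI.
MANAGEMENT_NETS = [ip_network("192.0.2.0/24")]


@dataclass
class Finding:
    ip: str
    ts: str
    severity: str       # "high" when the change succeeded, "medium" for a blocked attempt
    reasons: List[str]


def analyze(log_text: str) -> List[Finding]:
    """Flag POSTs to the password endpoint that lack an authenticated user
    or come from outside the management network."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines the regex cannot parse
        f = m.groupdict()
        if f["method"] != "POST" or f["path"] not in SENSITIVE_PATHS:
            continue
        reasons: List[str] = []
        if f["user"] == "-":
            reasons.append("no authenticated user recorded")
        if not any(ip_address(f["ip"]) in net for net in MANAGEMENT_NETS):
            reasons.append("source outside management network")
        if not reasons:
            continue                      # authenticated change from an allowed network
        # On the vulnerable firmware the unauthenticated change returns success,
        # so a 2xx status here means the passwords were most likely replaced.
        succeeded = f["status"].startswith("2")
        if succeeded:
            reasons.append("request succeeded (HTTP %s)" % f["status"])
        findings.append(Finding(f["ip"], f["ts"], "high" if succeeded else "medium", reasons))
    return findings


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(hit.severity.upper(), hit.ip, hit.ts, "; ".join(hit.reasons))
```

The user field is only meaningful if something in front of the device records it; where the TEX GUI is reached directly, treat every POST to /_Passwd.html from a non-management address as a high-severity event, since the firmware itself does not enforce authentication on that path.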
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-198191
Vulnerability details
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote exploitation of a public-facing web GUI endpoint to change admin passwords, directly facilitating T1190: Exploit Public-Facing Application.
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Enforces approved access authorizations to block unauthenticated POST requests from changing Admin, Operator, and User passwords.
- Authenticator management: Manages authenticators like passwords to ensure changes are performed only through authorized, protected mechanisms.
- AC-2 (Account Management): Establishes account management processes to control modifications to credentials and prevent unauthorized account takeovers.
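What these controls mean at the code level is a password-change handler that refuses to act without a valid session, lets only an Admin change another account, requires the current password for a self-change, and invalidates the target's other sessions and audits the change. The block below is an added example that illustrates that pattern for this advisory; it is not the TEX firmware's code and makes no claim about how the vendor's /_Passwd.html handler is written. Account names and roles (Admin, Operator, User) come from the advisory; the session store, form fields and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed PBKDF2 cost; real deployments should tune this to the hardware.
PBKDF2_ITERATIONS = 100_000


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    name: str
    role: str          # one of "Admin", "Operator", "User"
    salt: bytes
    pw_hash: bytes


@dataclass
class Device:
    accounts: Dict[str, Account] = field(default_factory=dict)
    sessions: Dict[str, str] = field(default_factory=dict)   # session token -> account name
    audit: List[str] = field(default_factory=list)

    def add_account(self, name: str, role: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.accounts[name] = Account(name, role, salt, hash_pw(password, salt))

    def login(self, name: str, password: str) -> Optional[str]:
        acct = self.accounts.get(name)
        if acct is None or not hmac.compare_digest(acct.pw_hash, hash_pw(password, acct.salt)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = name
        return token


def change_password_vulnerable(dev: Device, form: Dict[str, str]) -> int:
    """Illustrates the advisory's failure mode: the form is applied with no
    authentication or authorization check at all."""
    target = dev.accounts[form["account"]]
    target.pw_hash = hash_pw(form["new_password"], target.salt)
    return 200


def change_password_hardened(dev: Device, session_token: Optional[str],
                             form: Dict[str, str]) -> Tuple[int, str]:
    """AC-3 / AC-2 enforced: authenticated session, role-based authorization,
    current-password proof for self-changes, session invalidation and audit."""
    actor_name = dev.sessions.get(session_token or "")
    if actor_name is None:
        dev.audit.append("DENY unauthenticated password change for %r" % form.get("account"))
        return 401, "authentication required"
    actor = dev.accounts[actor_name]
    target = dev.accounts.get(form.get("account", ""))
    if target is None:
        return 404, "no such account"
    # Only Admin may change someone else's password (AC-3).
    if target.name != actor.name and actor.role != "Admin":
        dev.audit.append("DENY %s (%s) tried to change password of %s" % (actor.name, actor.role, target.name))
        return 403, "forbidden"
    # A self-change must prove knowledge of the current password.
    if target.name == actor.name and not hmac.compare_digest(
            target.pw_hash, hash_pw(form.get("current_password", ""), target.salt)):
        dev.audit.append("DENY %s gave wrong current password" % actor.name)
        return 403, "current password incorrect"
    target.pw_hash = hash_pw(form["new_password"], target.salt)
    # Credential changes drop the target's other sessions (AC-2); the actor's own survives.
    dev.sessions = {t: n for t, n in dev.sessions.items() if n != target.name or t == session_token}
    dev.audit.append("OK %s changed password of %s" % (actor.name, target.name))
    return 200, "password changed"


def make_device() -> Device:
    """Constructed device with the three accounts the advisory names."""
    dev = Device()
    dev.add_account("Admin", "Admin", "admin-initial")
    dev.add_account("Operator", "Operator", "operator-initial")
    dev.add_account("User", "User", "user-initial")
    return dev


if __name__ == "__main__":
    dev = make_device()
    print(change_password_hardened(dev, None, {"account": "Admin", "new_password": "x"}))
    tok = dev.login("Admin", "admin-initial")
    print(change_password_hardened(dev, tok, {"account": "Operator", "new_password": "rotated"}))
    print("\n".join(dev.audit))
```

The vulnerable function returns 200 for any caller, which is exactly the behaviour the advisory describes; the hardened one turns the same request into a 401 that is also written to the audit trail, so the attempt becomes detectable as well as blocked.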