CVE-2025-63218
Published: 19 November 2025
Summary
CVE-2025-63218 is a critical-severity Improper Access Control (CWE-284) vulnerability in Axeltechnology Wolf1Ms Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-14 requires explicit identification and authorization of actions permitted without identification or authentication, directly preventing exposure of sensitive unauthenticated endpoints like /cgi-bin/gstFcgi.fcgi.
AC-3 mandates enforcement of approved authorizations for access to system resources, addressing the missing access enforcement on the vulnerable endpoint that allows full device compromise.
AC-6 enforces least privilege for authorized accesses, limiting damage from unauthorized user creation, deletion, and system modification even if initial access control fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The unauthenticated access to device management endpoint enables exploitation of a public-facing application (T1190), listing user accounts (T1087.001), and creating administrative accounts (T1136.001).
NVD Description
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and…
more
modify system settings, leading to full compromise of the device.
Deeper analysisAI
CVE-2025-63218 is a Broken Access Control vulnerability (CWE-284, CWE-285) affecting Axel Technology WOLF1MS and WOLF2MS devices running firmware versions 0.8.5 through 1.0.3. The issue stems from missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint, which exposes sensitive device management functions without requiring credentials. This critical flaw, assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), was published on 2025-11-19.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows attackers to list existing user accounts, create new administrative users, delete users, and modify system settings, resulting in full compromise of the affected device.
Advisories and further details are available in the referenced GitHub repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control, which contains vulnerability research, and on the vendor's website at https://www.axeltechnology.com/. No specific patch or mitigation guidance is detailed in the primary CVE information.
Details
- CWE(s)