Cyber Resilience

CVE-2025-63409

High

Published: 24 February 2026

Published
24 February 2026
Modified
26 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0029 20.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-63409 is a high-severity Improper Access Control (CWE-284) vulnerability in Gcomtw Gcom Epon 1Ge Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-63409 is a privilege escalation and improper access control vulnerability, mapped to CWE-284, in the GCOM EPON 1GE C00R371V00B01. This issue allows remote authenticated users to bypass restrictions and perform actions typically limited to administrators. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-24T16:24:06.990.

An attacker with low-privilege authenticated access over the network can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables modification of administrator-only settings and extraction of administrator credentials, resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are available in advisories referenced at http://gcom.com and the disclosure repository at https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2025-63409.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

Vulnerability enables privilege escalation (T1068), exploitation of remote services (T1210), and credential access via extraction of admin credentials (T1212).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-21667Shared CWE-284
CVE-2026-21262Shared CWE-284
CVE-2025-54968Shared CWE-284
CVE-2025-48983Shared CWE-284
CVE-2026-21982Shared CWE-284
CVE-2026-20628Shared CWE-284
CVE-2025-48619Shared CWE-284
CVE-2025-21405Shared CWE-284
CVE-2026-24303Shared CWE-284
CVE-2026-24290Shared CWE-284

Affected Assets

gcomtw
gcom epon 1ge firmware
c00r371v00b01

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege to prevent low-privilege authenticated users from escalating to administrator actions like modifying settings or extracting credentials.

prevent

Mandates enforcement of access control policies to block improper access by remote authenticated users to administrator-only functions.

prevent

Directly remediates the specific privilege escalation flaw in GCOM EPON 1GE C00R371V00B01 through timely flaw correction and patching.

References