Cyber Posture

CVE-2025-63409

High

Published: 24 February 2026

Modified: 26 February 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (35.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-63409 is a high-severity Improper Access Control (CWE-284) vulnerability in Gcomtw Gcom Epon 1Ge Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 35.7th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 2 other techniques.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Enforces least privilege to prevent low-privilege authenticated users from escalating to administrator actions like modifying settings or extracting credentials.

prevent

Mandates enforcement of access control policies to block improper access by remote authenticated users to administrator-only functions.

prevent

Directly remediates the specific privilege escalation flaw in GCOM EPON 1GE C00R371V00B01 through timely flaw correction and patching.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1210 Exploitation of Remote Services (tactic: Lateral Movement)
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

T1212 Exploitation for Credential Access (tactic: Credential Access)
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.

Why these techniques?

Vulnerability enables privilege escalation (T1068), exploitation of remote services (T1210), and credential access via extraction of admin credentials (T1212).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

Deeper analysis [AI]

CVE-2025-63409 is a privilege escalation and improper access control vulnerability, mapped to CWE-284, in the GCOM EPON 1GE C00R371V00B01. This issue allows remote authenticated users to bypass restrictions and perform actions typically limited to administrators. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-24T16:24:06.990.

An attacker with low-privilege authenticated access over the network can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables modification of administrator-only settings and extraction of administrator credentials, resulting in high impacts to confidentiality, integrity, and availability.

Mitigation details are available in advisories referenced at http://gcom.com and the disclosure repository at https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2025-63409.

Details

CWE(s)

Affected Products

gcomtw
gcom epon 1ge firmware
c00r371v00b01

CVEs Like This One

CVE-2026-21982 (shared CWE-284)
CVE-2026-21667 (shared CWE-284)
CVE-2026-21262 (shared CWE-284)
CVE-2025-48983 (shared CWE-284)
CVE-2025-54968 (shared CWE-284)
CVE-2024-23920 (shared CWE-284)
CVE-2024-56883 (shared CWE-284)
CVE-2026-5786 (shared CWE-284)
CVE-2025-70866 (shared CWE-284)
CVE-2025-25614 (shared CWE-284)
