Cyber Resilience

CVE-2025-64075

Severity: Critical
Published: 11 February 2026
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0070 (48.5th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-64075 is a critical-severity Path Traversal (CWE-22) vulnerability in the Shenzhen Zhibotong Electronics ZBT WE2001 router, firmware 23.09.27. The affected product is inferred from the description and references because NVD filed no CPE for this CVE; NeutSec is the advisory publisher, not the vendor. Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 48.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-64075 is a path traversal vulnerability (CWE-22) in the check_token function of the Shenzhen Zhibotong Electronics ZBT WE2001 router running firmware version 23.09.27. Published on 11 February 2026, it lets remote attackers bypass authentication by supplying a crafted session cookie value, which grants unauthorized access to administrative functions. The vulnerability carries the maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H): network reachable, low attack complexity, no privileges or user interaction required, and full impact on confidentiality, integrity, and availability with a changed scope.

Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction or privileges. By sending a crafted session cookie to the affected device, they evade the check_token authentication check and effectively impersonate an administrator. Successful exploitation yields full administrative control, which can include configuration changes, firmware modification, data exfiltration, or use of the device as a pivot into the rest of the network. The public description does not state which file the traversed path reaches or how that defeats the token check; any finer detail should be taken from the advisory or vendor rather than assumed.

For mitigation guidance, consult the NeutSec advisory at https://neutsec.io/advisories/cve-2025-64075 and the vendor's site at https://www.zbtwifi.com, which may provide patches, firmware updates, or workarounds specific to the ZBT WE2001. Until a fixed firmware is installed, keep the device's management interface off the internet (no WAN-side administration) so the check_token endpoint is not a public-facing target, consistent with the T1190 mapping.
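The advisory text gives only the shape of the bug: a session cookie value that reaches a filesystem path before it is validated. The following C program is an added illustration, not the ZBT WE2001 firmware and not NeutSec's code. It reconstructs that generic CWE-22 pattern in an embedded web server's session lookup, places the allow-list validation that the SI-10 control under Mitigating Controls calls for next to it, and adds a detection-side check that flags a cookie value which would have walked out of the session directory. The session directory, the 32-hex-digit token format and the cookie name "session" are assumptions made for the example.

```c
/*
 * Added example: generic session-cookie lookup in an embedded HTTP daemon,
 * vulnerable form (CWE-22) beside the allow-list fix (NIST SI-10).
 * NOT the ZBT WE2001's check_token; SESSION_DIR, TOKEN_LEN and the cookie
 * name "session" are assumptions for this illustration.
 */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define SESSION_DIR "/var/run/httpd/sessions/"  /* assumed session store */
#define TOKEN_LEN   32                           /* assumed: 128-bit token as hex */

/* Copy the value of cookie `name` out of a raw Cookie header value such as
 * "lang=en; session=abc". Returns the value length, or -1 if absent/too long. */
int extract_cookie(const char *header, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = header;
    while (*p) {
        while (*p == ' ' || *p == ';')
            p++;
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, ';');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen + 1 > outlen)
                return -1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = strchr(p, ';');
        if (!p)
            break;
    }
    return -1;
}

/* Vulnerable pattern (CWE-22): the cookie value is concatenated straight into
 * the session-file path, so "../" components leave SESSION_DIR. */
int session_path_unsafe(const char *token, char *path, size_t pathlen)
{
    int n = snprintf(path, pathlen, "%s%s", SESSION_DIR, token);
    return (n < 0 || (size_t)n >= pathlen) ? -1 : 0;
}

/* SI-10 allow-list: a token has exactly one shape (TOKEN_LEN hex digits);
 * anything else, including '.', '/' and '%', is rejected before any I/O. */
bool token_is_well_formed(const char *token)
{
    if (strlen(token) != TOKEN_LEN)
        return false;
    for (size_t i = 0; i < TOKEN_LEN; i++)
        if (!isxdigit((unsigned char)token[i]))
            return false;
    return true;
}

/* Hardened lookup: validate first, then build the path the same way. */
int session_path_safe(const char *token, char *path, size_t pathlen)
{
    if (!token_is_well_formed(token))
        return -1;
    return session_path_unsafe(token, path, pathlen);
}

/* Detection-side check over an already URL-decoded path: does it leave
 * SESSION_DIR through a ".." component? Handy when reviewing logged cookies. */
bool path_escapes_session_dir(const char *path)
{
    size_t dlen = strlen(SESSION_DIR);
    if (strncmp(path, SESSION_DIR, dlen) != 0)
        return true;
    const char *p = path + dlen;
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t clen = slash ? (size_t)(slash - p) : strlen(p);
        if (clen == 2 && p[0] == '.' && p[1] == '.')
            return true;
        if (!slash)
            return false;
        p = slash + 1;
    }
}

/* End to end: would the unsafe lookup turn this Cookie header's session
 * value into a path outside SESSION_DIR? */
bool cookie_carries_traversal(const char *header)
{
    char token[128], path[256];
    if (extract_cookie(header, "session", token, sizeof token) < 0)
        return false;
    if (session_path_unsafe(token, path, sizeof path) != 0)
        return false;
    return path_escapes_session_dir(path);
}

int main(void)
{
    /* Constructed sample header for the demo, not a capture from a real device. */
    const char *hdr = "lang=en; session=../../../etc/passwd";
    char token[128], path[256];

    if (extract_cookie(hdr, "session", token, sizeof token) < 0)
        return 1;
    session_path_unsafe(token, path, sizeof path);
    printf("unsafe lookup: %s (escapes: %s)\n", path,
           path_escapes_session_dir(path) ? "yes" : "no");
    printf("safe lookup:   %s\n",
           session_path_safe(token, path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

The fix deliberately validates the token's shape rather than stripping "../" from it: a strip-and-retry filter is easy to bypass with doubled or encoded sequences, whereas an allow-list leaves nothing for an attacker to encode around. The detection helper assumes its input has already been URL-decoded, as the server would do before building a path.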


Vulnerability details

A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.

CWE(s)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Path traversal vulnerability in check_token function allows remote unauthenticated attackers to bypass authentication via crafted session cookie, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2505 (shared CWE-22)
CVE-2026-5841 (shared CWE-22)
CVE-2026-33242 (shared CWE-22)
CVE-2026-33292 (shared CWE-22)
CVE-2026-35605 (shared CWE-22)
CVE-2025-53632 (shared CWE-22)
CVE-2025-8110 (shared CWE-22)
CVE-2026-8757 (shared CWE-22)
CVE-2025-7712 (shared CWE-22)
CVE-2026-31817 (shared CWE-22)

Affected Assets

Shenzhen Zhibotong Electronics ZBT WE2001, firmware 23.09.27
Inferred from the vulnerability description and references; NVD did not file a CPE for this CVE. NeutSec, named in the references, is the advisory publisher rather than the affected vendor.

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Requires validation of session cookie inputs to prevent path traversal exploitation in the check_token function that bypasses authentication.

SI-2 Flaw Remediation (prevent)
Mandates timely identification, reporting, and correction of the specific path traversal flaw via firmware patching to eliminate the authentication bypass.

AC-3 Access Enforcement (prevent)
Enforces approved authorizations to block unauthorized administrative access even when authentication mechanisms such as check_token are targeted.

References

NeutSec advisory for CVE-2025-64075: https://neutsec.io/advisories/cve-2025-64075
Vendor site (Shenzhen Zhibotong Electronics): https://www.zbtwifi.com