CVE-2025-67112
Published: 19 March 2026
Summary
CVE-2025-67112 is a critical-severity Use of Hard-coded Cryptographic Key (CWE-321) vulnerability, attributed to Fcc (vendor inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 34.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SC-28 (Protection of Information at Rest).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SC-12 (Cryptographic Key Establishment and Management): mandates proper cryptographic key establishment and management, directly preventing the use of hard-coded keys in the configuration backup/restore encryption.
- Flaw remediation: requires timely identification, reporting, and remediation of flaws like the hard-coded key vulnerability through firmware upgrades.
- SC-28 (Protection of Information at Rest): implements cryptographic protections for information at rest such as device configurations, preventing unauthorized decryption, modification, and re-encryption.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability directly enables network device configuration dumping (T1602.002) via decryption of backups with a hard-coded key, account/credential manipulation (T1098) by modifying sensitive data in configs, and exploitation for privilege escalation (T1068).
NVD Description
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions.
Deeper analysis [AI]
CVE-2025-67112 is a critical vulnerability involving the use of a hard-coded AES-256-CBC key in the configuration backup and restore implementation of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware versions prior to DG3934v3@2308041842. This flaw, classified under CWE-321 (Use of Hard-coded Cryptographic Key), has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-19.
Remote authenticated users can exploit this vulnerability by leveraging the GUI import/export functions to decrypt device configurations, modify sensitive data such as credentials, re-encrypt the configurations, and then restore them. Successful exploitation enables credential manipulation and privilege escalation on the affected device.
Mitigation requires upgrading to firmware version DG3934v3@2308041842 or later. Additional details are available in related advisories and documentation, including the FCC report at https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf, the FreedomFi website at https://freedomfi.com/index.html, and a technical blog post at https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood.
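The following Python example, added to this advisory and not taken from the Sercomm/FreedomFi firmware or the patched release, contrasts the CWE-321 design described above (a single AES-256-CBC key compiled into every unit, no integrity protection) with the pattern that SC-12 and SC-28 call for: a per-export key derived from an operator-supplied passphrase and a random salt, plus an authenticated cipher so a modified backup is rejected on import. The "hard-coded" key, the `cfg-backup-v1` format label, the sample configuration values and the function names are all constructed for illustration; the code uses the `cryptography` library.

```python
"""Config backup encryption: the CWE-321 pattern beside a hardened form.

Illustrative code added to this advisory; it is NOT Sercomm/FreedomFi
firmware code.  The 'hard-coded' key is a constructed placeholder.
"""
import hashlib
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# --- Vulnerable pattern (CWE-321) -------------------------------------------
# One AES-256 key baked into every unit's firmware image.  Anyone who extracts
# it once can decrypt, edit and re-encrypt any unit's backup, and CBC carries
# no integrity tag, so a re-encrypted backup is indistinguishable from a real one.
HARDCODED_KEY = hashlib.sha256(b"constructed-placeholder-not-a-real-key").digest()


def export_config_vulnerable(config: dict) -> bytes:
    """AES-256-CBC under the firmware-wide constant key (the vulnerable design)."""
    iv = os.urandom(16)
    padder = padding.PKCS7(128).padder()
    plaintext = padder.update(json.dumps(config).encode()) + padder.finalize()
    encryptor = Cipher(algorithms.AES(HARDCODED_KEY), modes.CBC(iv)).encryptor()
    return iv + encryptor.update(plaintext) + encryptor.finalize()


def import_config_vulnerable(blob: bytes) -> dict:
    """Decrypts with the same constant key; accepts anything that unpads cleanly."""
    iv, ciphertext = blob[:16], blob[16:]
    decryptor = Cipher(algorithms.AES(HARDCODED_KEY), modes.CBC(iv)).decryptor()
    padded = decryptor.update(ciphertext) + decryptor.finalize()
    unpadder = padding.PKCS7(128).unpadder()
    return json.loads(unpadder.update(padded) + unpadder.finalize())


# --- Hardened pattern (SC-12 / SC-28) ----------------------------------------
# The key is derived per export from an operator passphrase and a fresh random
# salt, so no key exists in the firmware image, and AES-GCM binds an
# authentication tag to the ciphertext so any alteration is rejected on import.
FORMAT_TAG = b"cfg-backup-v1"   # hypothetical format label, also used as AEAD associated data
PBKDF2_ITERATIONS = 600_000     # OWASP-recommended floor for PBKDF2-HMAC-SHA256


def export_config_hardened(config: dict, passphrase: str) -> bytes:
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)
    nonce = os.urandom(12)  # GCM nonce, unique per export
    ciphertext = AESGCM(key).encrypt(nonce, json.dumps(config).encode(), FORMAT_TAG)
    return FORMAT_TAG + salt + nonce + ciphertext


def import_config_hardened(blob: bytes, passphrase: str):
    """Returns the config dict, or None if the passphrase is wrong or the blob was altered."""
    n = len(FORMAT_TAG)
    if blob[:n] != FORMAT_TAG:
        return None
    salt, nonce, ciphertext = blob[n:n + 16], blob[n + 16:n + 28], blob[n + 28:]
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)
    try:
        plaintext = AESGCM(key).decrypt(nonce, ciphertext, FORMAT_TAG)
    except InvalidTag:
        return None
    return json.loads(plaintext)


def flip_last_byte(blob: bytes) -> bytes:
    """Simulates an alteration of a backup file between export and import."""
    altered = bytearray(blob)
    altered[-1] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    cfg = {"admin_user": "admin", "admin_pw_hash": "constructed-hash-value"}  # constructed sample
    assert import_config_vulnerable(export_config_vulnerable(cfg)) == cfg
    backup = export_config_hardened(cfg, "operator passphrase")
    assert import_config_hardened(backup, "operator passphrase") == cfg
    assert import_config_hardened(backup, "wrong passphrase") is None
    assert import_config_hardened(flip_last_byte(backup), "operator passphrase") is None
    print("hardened backup rejects a wrong passphrase and any tampering")
```

The vulnerable half shows why a firmware upgrade is the only real fix for affected units: the constant key is the same on every device, so nothing a single operator configures can revoke it. The hardened half addresses both halves of the NVD description, since decryption now needs a secret that is never stored on the device, and the GCM tag means "modify and re-encrypt" fails unless the passphrase is known.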
Details
- CWE(s)