Cyber Posture

CVE-2025-67135

Critical

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 6.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67135 is a critical-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Neutsec (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match
prevent

Mandates replay-resistant authentication protocols to directly prevent code replay attacks compromising keyfob access control.

IA-5 Authenticator Management good match
prevent

Requires management of keyfob authenticators with mechanisms like rolling codes or timestamps to prevent replayable codes.

SI-2 Flaw Remediation good match
prevent

Directly addresses the weak security flaw in the PF-50 keyfob by requiring timely flaw remediation and patching.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Replay-based auth bypass on network-exposed alarm system directly enables remote exploitation of public-facing access control.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.

Deeper analysisAI

The vulnerability CVE-2025-67135 affects the PF-50 1.2 keyfob in the PGST PG107 Alarm System version 1.25.05.hf, where weak security enables a code replay attack that compromises access control. Published on 2026-02-11, it carries a CVSS score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-294.

Any remote attacker can exploit this without privileges or user interaction by capturing and replaying keyfob codes, achieving high-impact unauthorized access to the alarm system, including potential confidentiality, integrity, and availability violations.

The advisory at https://neutsec.io/advisories/cve-2025-67135 details the vulnerability; practitioners should review it for recommended mitigations or patches.

Details

CWE(s)
CWE-294

Affected Products

Neutsec
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-32987Shared CWE-294
CVE-2025-65552Shared CWE-294
CVE-2025-26201Shared CWE-294
CVE-2026-20999Shared CWE-294
CVE-2025-59023Shared CWE-294
CVE-2026-30080Shared CWE-294
CVE-2026-30789Shared CWE-294
CVE-2025-13777Shared CWE-294
CVE-2026-34209Shared CWE-294
CVE-2024-12137Shared CWE-294

References