CVE-2025-67159

HighPublic PoC

Published: 02 January 2026

Published

02 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0002 5.0th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-67159 is a high-severity Cleartext Transmission of Sensitive Information (CWE-319) vulnerability in Vatilon Pa4 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 5.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Network Sniffing (T1040).

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AT-3 Role-based Training

addresses: CWE-319

Role-based training covers secure transmission methods, mitigating cleartext transmission of sensitive data.

CA-3 Information Exchange

addresses: CWE-319

By requiring documented security controls for information exchanges, the control reduces the risk of cleartext transmission of sensitive data.

CM-13 Data Action Mapping

addresses: CWE-319

Mapping transmission actions in data flows helps prevent cleartext transmission of sensitive information.

CM-6 Configuration Settings

addresses: CWE-319

Settings can enforce secure transmission protocols to prevent cleartext transmission of sensitive data.

MP-1 Policy and Procedures

addresses: CWE-319

Policy addresses secure transport and handling of media to avoid cleartext transmission of sensitive information.

PM-17 Protecting Controlled Unclassified Information on External Systems

addresses: CWE-319

Enforces safeguards against cleartext transmission of CUI when data leaves organizational boundaries to external systems.

SA-9 External System Services

addresses: CWE-319

Explicit controls and continuous oversight on external system services prevent cleartext transmission of sensitive information over provider-managed channels.

SC-12 Cryptographic Key Establishment and Management

addresses: CWE-319

Key-establishment procedures specify secure distribution channels that preclude cleartext transmission of key material.

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access

Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

attack.mitre.org →

Why these techniques?

Cleartext credential transmission (CWE-319) directly enables network sniffing to capture authentication data in transit.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

Deeper analysisAI

CVE-2025-67159, published on 2026-01-02, affects Vatilon version v1.12.37-20240124. The vulnerability consists of the software transmitting user credentials in plaintext, mapped to CWE-319 (Cleartext Transmission of Sensitive Information). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high severity primarily from confidentiality impact.

The vulnerability can be exploited by any network-adjacent attacker with the ability to intercept traffic, requiring no privileges, user interaction, or special conditions due to low attack complexity and network accessibility. Exploitation enables the attacker to capture plaintext user credentials, resulting in high-impact disclosure of sensitive authentication data without affecting integrity or availability.

Mitigation details are available in advisories referenced at http://vatilon.com and https://github.com/Remenis/CVE-2025-67159.