CVE-2025-24517
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24517 is a use of client-side authentication issue affecting all versions of CHOCO TEI WATCHER mini (IB-MCT001). Published on 2025-03-31T05:15:15.420, the vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-603.
A remote attacker requires no privileges or user interaction to exploit this vulnerability with low attack complexity. Successful exploitation allows the attacker to obtain the product login password without authentication, resulting in high-impact confidentiality loss.
Advisories from JVN (JVNVU#91154745), CISA (ICSA-25-084-04), the vendor (chocomini_vulnerability.pdf), and Nozomi Networks provide details on mitigations and patches for this issue.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a client-side authentication bypass in a network-accessible product allowing remote unauthenticated retrieval of login credentials, directly enabling exploitation of a public-facing application for initial access and credential disclosure.