Cyber Posture

CVE-2025-24846

High

Published: 03 March 2025

Published
03 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0018 39.4th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-24846 is an authentication bypass vulnerability (CWE-288) affecting the FutureNet AS series industrial routers provided by Century Systems Co., Ltd. The flaw enables attackers to circumvent authentication controls through a specially crafted request, exposing device information such as the MAC address. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), highlighting its high confidentiality impact.

A remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to obtain sensitive device details, including the MAC address, without needing prior privileges.

Advisories published by JVN (https://jvn.jp/en/vu/JVNVU96398949/) and Century Systems (https://www.centurysys.co.jp/backnumber/common/jvnvu96398949.html) provide further details on the vulnerability, including recommended mitigations and patches. Security practitioners should consult these sources for specific remediation steps.

Details

CWE(s)
CWE-288

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Authentication bypass in network-accessible router management interface enables remote exploitation for unauthorized device information access, directly mapping to exploiting public-facing applications.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

References