CVE-2025-60772
Published: 21 October 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-60772 is an improper authentication vulnerability (CWE-287) in the web-based management interface of the NETLINK HG322G router running firmware version V1.0.00-231017. Published on 2025-10-21, it has a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility, low attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
A remote unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the management interface, enabling privilege escalation and the ability to lock out the legitimate administrator. Successful exploitation grants the attacker administrative control over the device, potentially allowing full compromise including unauthorized access to configurations, data, and network functions.
Advisories and mitigation details are available in referenced sources, including the vulnerability report at https://github.com/navy-birds-MRS/vuln-reports/blob/main/vendors/netlink/CVE-2025-60772/advisory.md and the product page at https://netlinkict.com/shop/gpon-ont/gpon-ont-hg322g/.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated exploitation of web management interface (T1190) enables privilege escalation to gain full device control (T1068).