Cyber Posture

CVE-2025-63206

CriticalPublic PoC

Published: 19 November 2025

Published
19 November 2025
Modified
31 December 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0015 34.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Access Enforcement requires the system to enforce approved authorizations, directly mitigating the authentication bypass via crafted cookies that allowed unauthorized escalated privileges.

SC-23 Session Authenticity good match
prevent

Session Authenticity protects communications sessions from forgery or spoofing, preventing attackers from using crafted cookies to impersonate authenticated users in the web interface.

SI-10 Information Input Validation partial match
prevent

Information Input Validation ensures checks on inputs like cookies, addressing the lack of validation that enabled the crafted cookie authentication bypass.

Security SummaryAI

CVE-2025-63206 is an authentication bypass vulnerability in the web-based interface of the Dasan Switch DS2924, affecting firmware versions 1.01.18 and 1.02.00. The issue, linked to CWE-306 (Missing Authentication for Critical Function), enables attackers to gain escalated privileges by storing crafted cookies in the web browser. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact potential.

The vulnerability can be exploited by unauthenticated remote attackers with network access to the switch's web interface, requiring low complexity and no user interaction. By injecting crafted cookies, attackers bypass authentication controls, achieving escalated privileges that compromise confidentiality, integrity, and availability of the device to a high degree.

References include the vendor site at http://dasansmc.com/ and a GitHub repository with vulnerability research details at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63206_Dasan%20Switch%20DS2924%20Authentication%20Bypass. No specific mitigation or patch guidance is detailed in the provided information.

Details

CWE(s)
CWE-306

Affected Products

dasannetworks
ds2924 firmware
1.01.18, 1.02.00

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1606.001 Web Cookies Credential Access
Adversaries may forge web cookies that can be used to gain access to web applications or Internet services.
attack.mitre.org →
Why these techniques?

The vulnerability enables exploitation of a public-facing web interface (T1190) for privilege escalation (T1068) via forged web cookies (T1606.001).

References