Cyber Posture

CVE-2025-63207

Severity: Critical · Public PoC available

Published: 19 November 2025
Modified: 15 January 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.1st percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.

Mitigating Controls (NIST 800-53 r5) · AI-generated

- Prevent: Enforces approved access authorizations to block unauthenticated POST requests from changing Admin, Operator, and User passwords.
- Prevent: Manages authenticators such as passwords so that changes are performed only through authorized, protected mechanisms.
- Prevent: Establishes account management processes to control modifications to credentials and prevent unauthorized account takeovers.

Security Summary · AI-generated

CVE-2025-63207 affects the R.V.R Elettronica TEX product, specifically firmware version TEXL-000400 and Web GUI version TLAN-000400. The vulnerability is a broken access control issue stemming from improper authentication checks on the /_Passwd.html endpoint, classified under CWE-287 (Improper Authentication). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impact on confidentiality, integrity, and availability.

A remote, unauthenticated attacker can exploit this vulnerability by sending a POST request to the /_Passwd.html endpoint without any authentication. Successful exploitation allows the attacker to change the passwords for Admin, Operator, and User accounts, resulting in complete system compromise and full control over the device.

Mitigation details and further information are available in the referenced advisories, including the vulnerability research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63207_RVR%20Elettronica%20TEX%20Broken%20Access%20Control and the vendor website at https://www.rvr.it/en/.

Details

CWE(s): CWE-287 (Improper Authentication)

Affected Products

| Vendor | Product | Version |
|--------|---------|---------|
| rvr | tex30lcd/s firmware | texl-000400 |
| rvr | tex50lcd/s firmware | texl-000400 |
| rvr | tex100lcd/s firmware | texl-000400 |
| rvr | tex150lcd/s firmware | texl-000400 |
| rvr | tex300lcd firmware | texl-000400 |
| rvr | tex502lcd firmware | texl-000400 |
| rvr | tex702lcd firmware | texl-000400 |
| rvr | tex3500lcd firmware | texl-000400 |
| rvr | tex1002lcd firmware | texl-000400 |
| rvr | tex2000light firmware | texl-000400 |

Plus 1 more product configuration (see NVD for the full list).

MITRE ATT&CK Enterprise Techniques · AI-generated

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability enables unauthenticated remote exploitation of a public-facing web GUI endpoint to change admin passwords, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References