Cyber Posture

CVE-2025-63210

CriticalPublic PoC

Published: 19 November 2025

Published
19 November 2025
Modified
15 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName…

more

flow, the attacker can gain Superuser or Operator access without providing valid credentials.

Mitigating Controls (NIST 800-53 r5)AI

SC-8 Transmission Confidentiality and Integrity good match
prevent

Enforces cryptographic mechanisms to protect the confidentiality and integrity of transmitted authentication responses, directly preventing man-in-the-middle modification during the loginWithUserName flow.

IA-2 Identification and Authentication (Organizational Users) good match
prevent

Mandates robust organizational user identification and authentication mechanisms that resist improper authentication and bypasses via assumed-immutable data like forged login responses.

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and remediation of flaws such as this firmware-specific authentication bypass vulnerability.

Security SummaryAI

CVE-2025-63210 is an authentication bypass vulnerability in Newtec Celox UHD devices, specifically models CELOXA504 and CELOXA820 running firmware version celox-21.6.13. The issue enables an attacker to modify intercepted responses from the /celoxservice endpoint and inject a forged response body during the loginWithUserName flow, allowing Superuser or Operator access without valid credentials. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWEs 287 (Improper Authentication), 302 (Authentication Bypass by Assumed-Immutable Data), and 303 (Incorrect Implementation of Authentication Algorithm).

A remote, unauthenticated attacker with the ability to intercept network traffic to the affected device can exploit this vulnerability through a man-in-the-middle technique. By altering the login response, the attacker achieves privilege escalation to Superuser or Operator levels, potentially compromising confidentiality, integrity, and availability of the device with high impact and no user interaction required.

Details on the vulnerability, including proof-of-concept information, are documented in a GitHub research repository at https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation, with the vendor site available at https://www.newtec.com/. Security practitioners should consult these references for any vendor-provided advisories, patches, or mitigation guidance.

Details

CWE(s)
CWE-287CWE-302CWE-303

Affected Products

newtec
celoxa504 firmware
celox-21.6.13
newtec
celoxa820 firmware
celox-21.6.13

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
attack.mitre.org →
Why these techniques?

The vulnerability is an authentication bypass in a public-facing web endpoint (/celoxservice) exploitable via man-in-the-middle (T1557) to gain superuser/operator privileges (T1068), directly mapping to exploitation of public-facing applications (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References