CVE-2025-63409
Published: 24 February 2026
Description
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator-only settings and extract administrator credentials.
Mitigating Controls (NIST 800-53 r5)
Enforces least privilege to prevent low-privilege authenticated users from escalating to administrator actions like modifying settings or extracting credentials.
Mandates enforcement of access control policies to block improper access by remote authenticated users to administrator-only functions.
Directly remediates the specific privilege escalation flaw in GCOM EPON 1GE C00R371V00B01 through timely flaw correction and patching.
Security Summary
CVE-2025-63409 is a privilege escalation and improper access control vulnerability, mapped to CWE-284, in the GCOM EPON 1GE C00R371V00B01. This issue allows remote authenticated users to bypass restrictions and perform actions typically limited to administrators. The vulnerability received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-24T16:24:06.990.
An attacker with low-privilege authenticated access over the network can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables modification of administrator-only settings and extraction of administrator credentials, resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in advisories referenced at http://gcom.com and the disclosure repository at https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2025-63409.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables privilege escalation (T1068), exploitation of remote services (T1210), and credential access via extraction of administrator credentials (T1212).