Cyber Posture

CVE-2025-64075

Critical

Published: 11 February 2026
Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0058 (69.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.

Mitigating Controls (NIST 800-53 r5) [AI-generated]

- prevent: Requires validation of session cookie inputs so that the check_token function cannot be driven into path traversal and the resulting authentication bypass.
- prevent: Mandates timely identification, reporting, and correction of this path traversal flaw through firmware patching to eliminate the authentication bypass.
- prevent: Enforces approved authorizations so that unauthorized administrative access is blocked even when the check_token authentication mechanism is targeted.

Security Summary [AI-generated]

CVE-2025-64075 is a path traversal vulnerability (CWE-22) in the check_token function of the Shenzhen Zhibotong Electronics ZBT WE2001 router running firmware version 23.09.27. Published on 2026-02-11, it enables remote attackers to bypass authentication mechanisms by supplying a crafted session cookie value, granting unauthorized access to administrative functions. The vulnerability carries a maximum CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting its critical severity due to network accessibility, low attack complexity, and comprehensive impact on confidentiality, integrity, and availability with changed scope.

Remote, unauthenticated attackers can exploit this vulnerability over the network without user interaction or privileges. By crafting and sending a malicious session cookie to the affected device, they can evade the check_token authentication check, effectively impersonating an administrator. Successful exploitation allows full administrative control, potentially enabling actions such as configuration changes, firmware modifications, data exfiltration, or device compromise for further network pivoting.

For mitigation guidance, security practitioners should consult the detailed advisory from NeutSec at https://neutsec.io/advisories/cve-2025-64075 and the vendor's site at https://www.zbtwifi.com, which may provide patches, firmware updates, or workarounds specific to the ZBT WE2001 device.
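The mitigating control above calls for validating the session cookie value before it is used to locate anything on the file system. The C program below is an added example written for this page; it is not code from the ZBT WE2001 firmware, whose check_token implementation is not reproduced in the advisory. The session directory, the 32-character lowercase-hex token format and the function names are assumptions chosen for illustration. It shows the defensive shape a token lookup should have: a strict allowlist on the cookie value, and a second containment check on the constructed path so that no traversal sequence can steer the lookup outside the session store.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration only: session files live directly under
 * SESSION_DIR and are named by a 32-character lowercase-hex token. The real
 * ZBT WE2001 firmware layout is not described in the advisory. */
#define SESSION_DIR "/tmp/sessions"
#define TOKEN_LEN 32

/* First line of defence: accept a session token only if it is exactly
 * TOKEN_LEN lowercase hex characters. Path separators, "..", percent
 * encoding and wrong-length values are all rejected here, so a traversal
 * sequence never reaches the file system code at all. */
int session_token_is_wellformed(const char *token)
{
    if (token == NULL || strlen(token) != TOKEN_LEN)
        return 0;
    for (size_t i = 0; i < TOKEN_LEN; i++) {
        unsigned char c = (unsigned char)token[i];
        if (!(isdigit(c) || (c >= 'a' && c <= 'f')))
            return 0;
    }
    return 1;
}

/* Build the on-disk session path for a cookie value. Returns 0 and fills
 * `out` on success, -1 on any rejection. The second check is defence in
 * depth: even if the allowlist were loosened later, a result that is not a
 * single file name directly under SESSION_DIR is refused. */
int build_session_path(const char *cookie_token, char *out, size_t outlen)
{
    if (!session_token_is_wellformed(cookie_token))
        return -1;

    int written = snprintf(out, outlen, "%s/%s", SESSION_DIR, cookie_token);
    if (written < 0 || (size_t)written >= outlen)
        return -1;                      /* output would have been truncated */

    const char *rest = out + strlen(SESSION_DIR);
    if (rest[0] != '/' || strchr(rest + 1, '/') != NULL || strstr(rest, "..") != NULL)
        return -1;                      /* path escaped the session directory */
    return 0;
}

int main(void)
{
    /* Constructed cookie values: one well-formed token, two traversal
     * attempts (plain and percent-encoded), and one with the wrong alphabet. */
    const char *samples[] = {
        "0123456789abcdef0123456789abcdef",
        "../../not-a-session",
        "..%2f..%2fnot-a-session",
        "0123456789ABCDEF0123456789ABCDEF",
    };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_session_path(samples[i], path, sizeof path);
        printf("%-36s -> %s\n", samples[i], rc == 0 ? path : "REJECTED");
    }
    return 0;
}
```

The allowlist does the real work; the containment check on `rest` exists so that a later relaxation of the token format (a longer token, a different alphabet) still cannot produce a path outside the session directory. A lookup that only strips "../" from the cookie would miss encoded and mixed-separator variants, which is why the example rejects anything that is not the expected token shape rather than trying to sanitize it.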

Details

CWE(s): CWE-22 (Path Traversal)

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The path traversal in the check_token function lets remote, unauthenticated attackers bypass authentication with a crafted session cookie, which is a direct instance of exploiting a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

- NeutSec advisory: https://neutsec.io/advisories/cve-2025-64075
- Vendor site: https://www.zbtwifi.com