fkie_cve-2025-25037
Vulnerability from fkie_nvd
Published
2025-06-20 19:15
Modified
2025-06-23 20:16
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Summary
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
References
disclosure@vulncheck.comhttps://fortiguard.fortinet.com/encyclopedia/ips/56008
disclosure@vulncheck.comhttps://vulncheck.com/advisories/aquatronica-controller-system-credential-leak
disclosure@vulncheck.comhttps://www.aquatronica.com
disclosure@vulncheck.comhttps://www.exploit-db.com/exploits/52028
disclosure@vulncheck.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists in Aquatronica Controller System firmware versions \u003c= 5.1.6 and web interface versions \u003c= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en las versiones de firmware de Aquatronica Controller System anteriores a la 5.1.6 y anteriores a la 2.0 de la interfaz web. El endpoint tcp.php no restringe el acceso no autenticado, lo que permite a atacantes remotos emitir solicitudes POST manipuladas y recuperar datos de configuraci\u00f3n confidenciales, incluyendo credenciales administrativas en texto plano. La explotaci\u00f3n de esta vulnerabilidad puede comprometer por completo el sistema, lo que permite la manipulaci\u00f3n no autorizada de los dispositivos conectados y los par\u00e1metros del acuario."
    }
  ],
  "id": "CVE-2025-25037",
  "lastModified": "2025-06-23T20:16:21.633",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.3,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "disclosure@vulncheck.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T19:15:35.870",
  "references": [
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://fortiguard.fortinet.com/encyclopedia/ips/56008"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://vulncheck.com/advisories/aquatronica-controller-system-credential-leak"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.aquatronica.com"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.exploit-db.com/exploits/52028"
    },
    {
      "source": "disclosure@vulncheck.com",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php"
    }
  ],
  "sourceIdentifier": "disclosure@vulncheck.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "disclosure@vulncheck.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.