CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-2763

CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24356.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.3%

CVSS Severity

CVSS v3 Score 6.8

References

https://www.zerodayinitiative.com/advisories/ZDI-25-179/

Products affected by CVE-2025-2763

Carlinkit » Autokit » Version: 2024.01.19.1541

cpe:2.3:a:carlinkit:autokit:2024.01.19.1541
Carlinkit » Cpc200-Ccpa » Version: N/A

cpe:2.3:h:carlinkit:cpc200-ccpa:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-2763

Products

Pricing

Contact Us