CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-63210

The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware version celox-21.6.13 is vulnerable to an authentication bypass. An attacker can exploit this issue by modifying intercepted responses from the /celoxservice endpoint. By injecting a forged response body during the loginWithUserName flow, the attacker can gain Superuser or Operator access without providing valid credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63210_Newtec%20Celox%20UHD%20Authentication%20Bypass%20_%20Privilege%20Escalation
https://www.newtec.com/

Products affected by CVE-2025-63210

Newtec » Celoxa504 » Version: N/A

cpe:2.3:h:newtec:celoxa504:-
Newtec » Celoxa820 » Version: N/A

cpe:2.3:h:newtec:celoxa820:-
Newtec » Celoxa504 Firmware » Version: celox-21.6.13

cpe:2.3:o:newtec:celoxa504_firmware:celox-21.6.13
Newtec » Celoxa820 Firmware » Version: celox-21.6.13

cpe:2.3:o:newtec:celoxa820_firmware:celox-21.6.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-63210

Products

Pricing

Contact Us