Overview
CVE-2025-63205 describes an information disclosure vulnerability affecting several BridgeTech probes, specifically the VB220 IP Network Probe, VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and the NOMAD. Firmware versions 6.5.0-9 are impacted. This flaw allows attackers to potentially gain access to sensitive information, including administrator passwords, through the exposed `/probe/core/setup/passwd` endpoint.
Technical Details
The vulnerability resides within the web interface of the affected BridgeTech probes. The `/probe/core/setup/passwd` endpoint, intended for internal configuration or maintenance purposes, lacks adequate access controls. Unauthenticated or improperly authenticated users can therefore reach the endpoint and retrieve sensitive data, most critically administrator passwords that are potentially stored in plaintext or weakly hashed. This direct access circumvents the intended security measures and allows unauthorized access to system configuration and control.
CVSS Analysis
At the time of publication (2025-11-19T18:15:48.507), a CVSS score has not been assigned for CVE-2025-63205. However, given the potential for administrator password disclosure, this vulnerability should be considered high-risk. The lack of authentication requirements coupled with the sensitivity of the exposed data makes it readily exploitable.
Possible Impact
Successful exploitation of CVE-2025-63205 could have severe consequences:
- Complete System Compromise: Gaining administrator credentials allows attackers to fully control the affected BridgeTech probe.
- Network Disruption: Attackers could reconfigure the probe to disrupt network monitoring or inject malicious traffic.
- Data Exfiltration: If the probe has access to sensitive network data, attackers could exfiltrate it.
- Lateral Movement: Compromised probes could be used as a stepping stone to attack other devices on the network.
- Service Disruption: Configuration changes could lead to service unavailability and operational downtime.
Mitigation or Patch Steps
To mitigate the risk of CVE-2025-63205, the following steps are recommended:
- Upgrade Firmware: BridgeTech has likely released a patch. Immediately upgrade to the latest firmware version available for your specific probe model. Contact BridgeTech support or visit their website for update instructions.
- Network Segmentation: Isolate the BridgeTech probes on a separate network segment with restricted access to other critical systems.
- Access Control Lists (ACLs): Implement ACLs to restrict access to the `/probe/core/setup/passwd` endpoint, allowing only authorized administrators from specific IP addresses. If possible, apply this before the firmware upgrade.
- Monitor Network Traffic: Monitor network traffic for suspicious activity targeting the affected probes. Look for requests to the `/probe/core/setup/passwd` endpoint from unexpected sources.
- Principle of Least Privilege: Limit user access to the probes based on the principle of least privilege. Ensure that users only have the necessary permissions to perform their duties.
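For the traffic-monitoring step above, the following added example (not BridgeTech's code and not part of the original advisory) scans HTTP access logs for requests to `/probe/core/setup/passwd` from sources outside an allowlist. It assumes the logs come from a reverse proxy or HTTP sensor in front of the probe writing common/combined log format; the admin network `10.20.0.0/28` and the sample lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/probe/core/setup/passwd"  # endpoint named in the advisory
# Assumption: management hosts that are expected to reach the probe's web UI.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]
# Common/combined log format: client, ident, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - admin [19/Nov/2025:09:12:01 +0000] "GET /probe/core/setup/passwd HTTP/1.1" 200 412',
    '203.0.113.44 - - [19/Nov/2025:09:14:37 +0000] "GET /probe/core/setup/passwd HTTP/1.1" 200 412',
    '198.51.100.7 - - [19/Nov/2025:09:15:02 +0000] "GET /probe//core/setup/%70asswd?x=1 HTTP/1.1" 403 0',
    '203.0.113.44 - - [19/Nov/2025:09:15:10 +0000] "GET /probe/status HTTP/1.1" 200 1032',
]

def normalise(target):
    """Canonicalise a request target so equivalent spellings compare equal."""
    path = unquote(target.split("?", 1)[0])  # drop query string, decode %xx
    path = re.sub(r"/+", "/", path)          # collapse repeated slashes
    return posixpath.normpath(path)          # resolve ./.. and trailing slash

def is_expected(src, admin_nets):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # not an IP literal: cannot be shown to be allowed
    return any(addr in net for net in admin_nets)

def find_hits(lines, admin_nets=ADMIN_NETS):
    """Requests to SENSITIVE_PATH from outside admin_nets; 'served' marks 2xx replies."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalise(m["target"]) != SENSITIVE_PATH:
            continue
        if is_expected(m["src"], admin_nets):
            continue
        hits.append({"src": m["src"], "ts": m["ts"],
                     "status": int(m["status"]), "served": m["status"][0] == "2"})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true mean the endpoint answered the request, so the credentials on that probe should be treated as disclosed and rotated.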
