CVE-2025-63218 | THREATINT

Description

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

PUBLISHED Reserved 2025-10-27 | Published 2025-11-19 | Updated 2025-11-19 | Assigner mitre

References

www.axeltechnology.com/

github.com/...gy WOLF1MS and WOLF2MS - Broken Access Control

cve.org (CVE-2025-63218)

nvd.nist.gov (CVE-2025-63218)

Download JSON