CVE-2025-64310 | THREATINT

Description

EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.

PUBLISHED Reserved 2025-10-30 | Published 2025-11-21 | Updated 2025-11-21 | Assigner jpcert

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper restriction of excessive authentication attempts

Product status

see the information provided by the vendor

affected

see the information provided by the vendor

affected

References

www.epson.jp/support/misc_t/251120_oshirase.htm

jvn.jp/en/vu/JVNVU95021911/

cve.org (CVE-2025-64310)

nvd.nist.gov (CVE-2025-64310)

Download JSON