CVE-2025-6763

HIGH | CVSS 8.2/10 | EPSS 1.16%

CVE-2025-6763 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing authentication. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation is known to be difficult. The exploit has been made public and could be used. There are still doubts about whether this vulnerability truly exists. The vendor explains that "[d]evices described at CVE are not intended to be exposed into internet and proper security of devices is to end-users."

Metrics

CVSS 3.1: 8.1/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0: 8.2/10
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability: 1.16% (63.0th percentile)
Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Cometsystem | T7611 Firmware | 1-5-7-5.1252
Cometsystem | T4511 Firmware | 1-5-7-5.1252
Cometsystem | T0510 Firmware | 1-5-7-5.1252
Cometsystem | T6640 Firmware | 1-5-7-5.1252
Cometsystem | T3510 Firmware | 1-5-7-5.1252
Cometsystem | T7511 Firmware | 1-5-7-5.1251
Cometsystem | T3511 Firmware | 1-5-7-2.1151
Cometsystem | P8510 Firmware | 4-5-8-0.3488
Cometsystem | P8552 Firmware | 4-5-8-1.3502
Cometsystem | H3531 Firmware | 9-5-0-1.1327

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2025-6763?
CVE-2025-6763 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.
How do I fix CVE-2025-6763?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST