CVE-2025-10127 CRITICAL

CVE-2025-10127: Daikin Europe N.V Security Gateway Weak Password Recovery Mechanism for Forgotten Password

Vendor Daikin Europe N.v

Product Security Gateway

Weakness CWE-640 · Weak password recovery

Published September 11, 2025

Last update September 24, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.

Key dates

02Disclosure timeline

September 11, 2025 CVE published

September 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10127 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/640.html

Related vulnerabilities

Identifiers

CVE CVE-2025-10127

CWE CWE-640

CVSS 9.8 / CRITICAL

Affected versions