CVE-2025-64385 CRITICAL

CVE-2025-64385: INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES

Vendor Circutor
Product TCPRS1plus
Weakness CWE-20 · Input validation
Published October 31, 2025
Last update November 3, 2025

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H

What the vulnerability does

01Description

The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.

Key dates

02Disclosure timeline

October 31, 2025 CVE published
November 3, 2025 Record updated