CVE-2025-30072

HIGH

Tiiwee X1 Alarm System TWX1HAKV2 - Auth Bypass

Title source: llm

Description

Tiiwee X1 Alarm System TWX1HAKV2 allows Authentication Bypass by Capture-replay, leading to physical Access to the protected facilities without triggering an alarm.

References (3)

[Third Party Advisory] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2025-006.txt

[Product] https://www.tiiwee.com/collections/x1-alarm-systems

[Mailing List] http://seclists.org/fulldisclosure/2025/May/20

Scores

CVSS v3 7.6

EPSS 0.0022

EPSS Percentile 44.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-294

Status published

Products (1)

tiiwee/twx1hakv2_firmware

Published May 19, 2025

Tracked Since Feb 18, 2026