CVE-2025-63205

HIGH

Bridgetech probes <5.6.0-3 - Info Disclosure

Title source: llm

Description

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint. NOTE: the Supplier disagrees that 6.5.0-9 is affected, and instead reports that 5.6.0-3 and earlier are affected, and 5.6.0-4 (2020-09-21) and later are fixed.

References (2)

Core 2

Core References

Product

https://bridgetech.tv/

Exploit, Third Party Advisory

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63205_bridgetech%20probes%20Information%20Disclosure

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 19.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (5)

bridgetech/nomad_portable_firmware 6.5.0-9

bridgetech/vb120_firmware 6.5.0-9

bridgetech/vb220_firmware 6.5.0-9

bridgetech/vb330_firmware 6.5.0-9

bridgetech/vb440_firmware 6.5.0-9

Published Nov 19, 2025

Tracked Since Feb 18, 2026