CVE-2025-63207

CRITICAL

R.V.R Elettronica TEX - Auth Bypass

Title source: llm

Description

The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.

References (2)

[Exploit, Third Party Advisory] https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63207_RVR%20Elettronica%20TEX%20Broken%20Access%20Control

View Exploit ZIP pw:eip

[Product] https://www.rvr.it/en/

Scores

CVSS v3 9.8

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (11)

rvr/tex1002lcd_firmware texl-000400

rvr/tex100lcd\/s_firmware texl-000400

rvr/tex150lcd\/s_firmware texl-000400

rvr/tex2000light_firmware texl-000400

rvr/tex2500lcd_firmware texl-000400

rvr/tex300lcd_firmware texl-000400

rvr/tex30lcd\/s_firmware texl-000400

rvr/tex3500lcd_firmware texl-000400

rvr/tex502lcd_firmware texl-000400

rvr/tex50lcd\/s_firmware texl-000400

... and 1 more

Published Nov 19, 2025

Tracked Since Feb 18, 2026