CVE-2025-63214

MEDIUM

Bridgetech Vbc Server - Improper Access Control

Title source: rule

Description

An issue was discovered in bridgetech VBC Server & Element Manager, firmware version 6.5.0-10 , 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts.

References (2)

Core 2

Core References

Product

https://bridgetech.tv/

Exploit, Third Party Advisory

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63214_bridgetech%20VBC%20Server%20and%20Element%20Manager%20Broken%20Access%20Control

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0008

EPSS Percentile 22.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (2)

bridgetech/vbc_server 6.5.0-9

bridgetech/vbc_server 6.5.0-10

Published Nov 19, 2025

Tracked Since Feb 18, 2026