CVE-2025-64387
MEDIUMCircutor TCPRS1plus >=1.0.14 <1.0.14 - Clickjacking
Title source: llmDescription
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.
References (3)
Core 3
Core References
Various Sources product
https://circutor.com/productos/iot-industrial-y-automatizacion/conversores-y-pasarelas/product/D80010./
Various Sources technical-description
https://www.hackrtu.com/blog/cg-0day-en-003/
Various Sources
https://cds.thalesgroup.com/es/s21sec
Scores
CVSS v4
5.1
EPSS
0.0032
EPSS Percentile
22.9%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1021
Status
published
Products (1)
Circutor/TCPRS1plus
1.0.14
Published
Oct 31, 2025
Tracked Since
Feb 18, 2026