CVE-2025-65753

HIGH

Guardian Gryphon v01.06.0006.22 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65753. PoCs published by diegovargasj.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-65753, a TLS certificate validation flaw in Gryphon Guardian access points. It describes two exploitation methods (MitM and DNS spoofing) and includes step-by-step instructions for intercepting and replacing a speedtest client binary to achieve remote code execution as root.

Description

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.

Exploits (1)

nomisec WRITEUP
by diegovargasj · poc
https://github.com/diegovargasj/CVE-2025-65753

This repository provides a detailed technical analysis of CVE-2025-65753, a TLS certificate validation flaw in Gryphon Guardian access points. It describes two exploitation methods (MitM and DNS spoofing) and includes step-by-step instructions for intercepting and replacing a speedtest client binary to achieve remote code execution as root.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Gryphon Guardian access point, firmware version 01.06.0006.22
No auth needed
Prerequisites: Network access to intercept traffic · Ability to spoof DNS or perform MitM · Self-signed TLS certificate · Custom payload (e.g., Meterpreter script)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Various Sources
http://gryphon.com

Scores

CVSS v3 7.5
EPSS 0.0039
EPSS Percentile 30.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-295
Status published
Published Feb 17, 2026
Tracked Since Feb 18, 2026