CVE-2025-65855

MEDIUM

Netun Solutions HelpFlash IoT v18_178_221102_ASCII_PRO_1R5_50 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65855. PoCs published by LuisMirandaAcebedo.

AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2025-65855, describing multiple vulnerabilities in the OTA firmware update mechanism of Netun Solutions HelpFlash IoT devices. The vulnerabilities include hard-coded WiFi credentials, unauthenticated update servers, and cleartext transmission, allowing arbitrary code execution with brief physical access.

Description

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mode (8-second button press), create a malicious WiFi AP using the known credentials, and serve malicious firmware via unauthenticated HTTP to achieve arbitrary code execution on this safety-critical emergency signaling device.

Exploits (1)

nomisec WRITEUP

by LuisMirandaAcebedo · poc

https://github.com/LuisMirandaAcebedo/CVE-2025-65855

View Code ZIP pw:eip

This repository contains a detailed writeup for CVE-2025-65855, describing multiple vulnerabilities in the OTA firmware update mechanism of Netun Solutions HelpFlash IoT devices. The vulnerabilities include hard-coded WiFi credentials, unauthenticated update servers, and cleartext transmission, allowing arbitrary code execution with brief physical access.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Netun Solutions HelpFlash IoT v18_178_221102_ASCII_PRO_1R5_50 and prior

No auth needed

Prerequisites: brief physical access to the device · knowledge of hard-coded WiFi credentials

MITRE ATT&CK

T1200 - Hardware Additions T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://docs.espressif.com/projects/esp-idf/en/v4.3.2/

Third Party Advisory

https://luismirandaacebedo.github.io/CVE-2025-65855/

Scores

CVSS v3 6.6

EPSS 0.0008

EPSS Percentile 0.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-319 CWE-494 CWE-798

Status published

Products (1)

netun/helpflash_iot_firmware 18_178_221102_ascii_pro_1r5_50

Published Dec 17, 2025

Tracked Since Feb 18, 2026