CVE-2025-63207
published 2025-11-19


Priority: P272
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.25% (92.7th percentile)
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.

Affected

11 ranges

Vendor | Product | Version range | Fixed in
rvr | tex1002lcd_firmware | |
rvr | tex100lcd_s_firmware | |
rvr | tex150lcd_s_firmware | |
rvr | tex2000light_firmware | |
rvr | tex2500lcd_firmware | |
rvr | tex300lcd_firmware | |
rvr | tex30lcd_s_firmware | |
rvr | tex3500lcd_firmware | |
rvr | tex502lcd_firmware | |
rvr | tex50lcd_s_firmware | |
rvr | tex702lcd_firmware | |

Detection & IOCs (extracted from sources)

path: /_Passwd.html
snort:
alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)"; flow:established,to_server; http.uri; bsize:13; content:"/_Passwd.html"; fast_pattern; http.request_body; content:"PSW_"; pcre:"/^(?:Admin|User|Oper)\x3d/R"; reference:url,nvd.nist.gov/vuln/detail/CVE-2025-63207; reference:cve,2025-63207; classtype:web-application-attack; sid:2065931; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_11_26, cve CVE_2025_63207, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
  • Match unauthenticated HTTP POST requests to the exact URI path /_Passwd.html (URI length exactly 13 bytes) targeting the R.V.R Elettronica TEX web GUI.
  • Inspect the HTTP request body for the string PSW_ followed by a role prefix (Admin=, User=, or Oper=) to identify a password-change attempt.
  • The vulnerability is exploitable without authentication — no session cookie or Authorization header is required in the POST request.
  • Affected firmware versions are specifically TEXL-000400 (firmware) and TLAN-000400 (Web GUI); detections should be scoped to devices running these versions.
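
For triaging captured requests or proxy logs where the rule above cannot be deployed, the same conditions can be applied offline. This is an added example, not code from this page or from the rule's authors; the function names, the sample requests and the host name tx.example are constructed for illustration.

```python
import re

# Conditions taken from the rule above: exact URI, and "PSW_" directly
# followed by a role name and "=" somewhere in the request body.
PASSWD_URI = "/_Passwd.html"
ROLE_FIELD = re.compile(rb"PSW_(Admin|User|Oper)=")


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into method, URI, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, uri, headers, body


def check_request(raw: bytes):
    """Return a finding dict if the request matches, else None."""
    method, uri, headers, body = parse_request(raw)
    # The POST test follows the notes above; the rule itself only
    # inspects the URI and the request body.
    if method != "POST" or uri != PASSWD_URI:
        return None
    roles = sorted({m.decode() for m in ROLE_FIELD.findall(body)})
    if not roles:
        return None
    # No Cookie or Authorization header is required, so their absence
    # is recorded to help prioritise the hit.
    has_creds = "cookie" in headers or "authorization" in headers
    return {"roles": roles, "credentials_present": has_creds}


# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"POST /_Passwd.html HTTP/1.1\r\nHost: tx.example\r\n\r\nPSW_Admin=x",
    b"GET /_Passwd.html HTTP/1.1\r\nHost: tx.example\r\n\r\n",
    b"POST /_Passwd.html?a=1 HTTP/1.1\r\nHost: tx.example\r\n\r\nPSW_User=z",
    b"POST /_Passwd.html HTTP/1.1\r\nCookie: sid=1\r\n\r\nPSW_User=z",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_request(raw))
```

The third sample returns no finding because, like the rule's 13-byte URI length check, the comparison is against the exact path with no query string.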