CVE-2025-63207
published 2025-11-19CVE-2025-63207: The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
6.25%
92.7th percentile
The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting in complete system compromise.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rvr | tex1002lcd_firmware | — | — |
| rvr | tex100lcd_s_firmware | — | — |
| rvr | tex150lcd_s_firmware | — | — |
| rvr | tex2000light_firmware | — | — |
| rvr | tex2500lcd_firmware | — | — |
| rvr | tex300lcd_firmware | — | — |
| rvr | tex30lcd_s_firmware | — | — |
| rvr | tex3500lcd_firmware | — | — |
| rvr | tex502lcd_firmware | — | — |
| rvr | tex50lcd_s_firmware | — | — |
| rvr | tex702lcd_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)"; flow:established,to_server; http.uri; bsize:13; content:"/_Passwd.html"; fast_pattern; http.request_body; content:"PSW_"; pcre:"/^(?:Admin|User|Oper)\x3d/R"; reference:url,nvd.nist.gov/vuln/detail/CVE-2025-63207; reference:cve,2025-63207; classtype:web-application-attack; sid:2065931; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_11_26, cve CVE_2025_63207, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
- →Match unauthenticated HTTP POST requests to the exact URI path /_Passwd.html (URI length exactly 13 bytes) targeting the R.V.R Elettronica TEX web GUI.
- →Inspect the HTTP request body for the string PSW_ followed by a role prefix (Admin=, User=, or Oper=) to identify a password-change attempt.
- →The vulnerability is exploitable without authentication — no session cookie or Authorization header is required in the POST request.
- ·Affected firmware versions are specifically TEXL-000400 (firmware) and TLAN-000400 (Web GUI); detections should be scoped to devices running these versions. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)
suricata·2025-11-26·CVSS 9.8
CVE-2025-63207 [CRITICAL] ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)
ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SERVER R.V.R Elettronica TEX Unauthenticated Password Change (CVE-2025-63207)"; flow:established,to_server; http.uri; bsize:13; content:"/_Passwd.html"; fast_pattern; http.request_body; content:"PSW_"; pcre:"/^(?:Admin|User|Oper)\x3d/R"; reference:url,nvd.nist.gov/vuln/detail/CVE-2025-63207; reference:cve,2025-63207; classtype:web-application-attack; sid:2065931; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_11_26, cve CVE_2025_63207, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_26
No public exploits indexed.
No writeups or analysis indexed.
2025-11-19
Published