ByteOS Network

NVD Vulnerability Details :

CVE-2025-25037

Awaiting Analysis

Source-disclosure@vulncheck.com

Published At-20 Jun, 2025 | 19:15

Updated At-23 Jun, 2025 | 20:16

An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.3	CRITICAL	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	disclosure@vulncheck.com

CWE ID: CWE-200

Type: Secondary

Source: disclosure@vulncheck.com

References

Hyperlink	Source	Resource
https://fortiguard.fortinet.com/encyclopedia/ips/56008	disclosure@vulncheck.com	N/A
https://vulncheck.com/advisories/aquatronica-controller-system-credential-leak	disclosure@vulncheck.com	N/A
https://www.aquatronica.com	disclosure@vulncheck.com	N/A
https://www.exploit-db.com/exploits/52028	disclosure@vulncheck.com	N/A
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php	disclosure@vulncheck.com	N/A