CVE-2025-11781

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker with local access to extract a hardcoded cryptographic key from Circutor SGE-PLC1000 and SGE-PLC50 devices. With that key, the attacker can build firmware update packages that the device accepts as valid, bypassing all access controls and gaining full administrative privileges. Organizations using these industrial control system devices are affected.

💻 Affected Systems

Products:
  • Circutor SGE-PLC1000
  • Circutor SGE-PLC50
Versions: v9.0.2
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems, allowing attackers to install malicious firmware, disrupt operations, manipulate physical processes, and maintain persistent access.

🟠 Likely Case

Local attackers gaining administrative access to modify device configurations, disrupt operations, or use devices as footholds into industrial networks.

🟢 If Mitigated

Limited impact if devices are physically secured and network segmentation prevents lateral movement from compromised devices.

🌐 Internet-Facing: LOW - Requires local access to device or firmware image, not directly exploitable over internet.
🏢 Internal Only: HIGH - Industrial control systems often have physical access points, and compromised devices can affect critical infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access to extract key from firmware/memory, but once obtained, creating malicious firmware packages is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0

Restart Required: No

Instructions:

No official patch available. Monitor vendor for firmware updates and apply immediately when released.

🔧 Temporary Workarounds

Physical Access Control

Applies to: all

Restrict physical access to devices to prevent attackers from extracting firmware or accessing device memory.

Network Segmentation

Applies to: all

Isolate affected devices in separate network segments to limit lateral movement if compromised.

🧯 If You Can't Patch

  • Implement strict physical security controls around all affected devices
  • Monitor for unauthorized firmware update attempts and network traffic from these devices

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or the serial console. If the version is v9.0.2, the device is vulnerable.

Check Version:

Check via the device web interface, or use the serial console commands specific to Circutor devices.

Verify Fix Applied:

Once the vendor releases a patch, verify that the firmware version has been updated to a version beyond v9.0.2.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized firmware update attempts
  • Authentication bypass events
  • Unexpected device reboots

Network Indicators:

  • Unexpected firmware update traffic
  • Unauthorized administrative access to device management interfaces

SIEM Query:

Search for firmware update events from Circutor devices outside maintenance windows or from unauthorized sources
