CVE-2025-63218 – This vulnerability allows unauthenticated remot... (How to Fix)

Q: What is the severity of CVE-2025-63218?

CVE-2025-63218 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated remote attackers to completely compromise Axel Technology WOLF1MS and WOLF2MS devices by accessing the /cgi-bin/gstFcgi.fcgi endpoint without authentication. Attackers can create administrative users, delete existing users, modify system settings, and take full control of affected devices. Organizations using these devices with firmware versions 0.8.5 through 1.0.3 are at risk.

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to completely compromise Axel Technology WOLF1MS and WOLF2MS devices by accessing the /cgi-bin/gstFcgi.fcgi endpoint without authentication. Attackers can create administrative users, delete existing users, modify system settings, and take full control of affected devices. Organizations using these devices with firmware versions 0.8.5 through 1.0.3 are at risk.

💻 Affected Systems

Products:

Axel Technology WOLF1MS
Axel Technology WOLF2MS

Versions: 0.8.5 to 1.0.3

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected firmware versions are vulnerable by default. No special configuration required.

📦 What is this software?

Wolf1ms Firmware by Axeltechnology

View all CVEs affecting Wolf1ms Firmware →

Wolf2ms Firmware by Axeltechnology

View all CVEs affecting Wolf2ms Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing attackers to create persistent backdoors, exfiltrate data, pivot to internal networks, and use devices for botnet participation or further attacks.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, user account manipulation, and potential data exposure from connected systems.

🟢

If Mitigated

Limited impact if devices are behind strict network segmentation with no internet exposure and proper authentication controls on other interfaces.

🌐 Internet-Facing: HIGH - Direct internet exposure allows remote unauthenticated exploitation from anywhere.

🏢 Internal Only: HIGH - Even internally, any network-accessible device can be compromised by internal threats or compromised hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple HTTP requests to the vulnerable endpoint with no authentication required. Public GitHub repository contains proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.axeltechnology.com/

Restart Required: No

Instructions:

Check vendor website for firmware updates. If available, download latest firmware and follow vendor's update procedures.

🔧 Temporary Workarounds

Network Access Control

all

Restrict network access to affected devices using firewall rules or network segmentation.

Web Application Firewall

all

Deploy WAF rules to block requests to /cgi-bin/gstFcgi.fcgi endpoint.

🧯 If You Can't Patch

Isolate affected devices in separate network segments with strict firewall rules
Implement network monitoring and intrusion detection for suspicious access to the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Send HTTP GET request to http://[device_ip]/cgi-bin/gstFcgi.fcgi and check if it responds without authentication.

Check Version:

Check device web interface or console for firmware version information.

Verify Fix Applied:

Attempt the same request after remediation - should require authentication or return error.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated access to /cgi-bin/gstFcgi.fcgi
Unexpected user creation/modification events
Configuration changes from unknown sources

Network Indicators:

HTTP requests to /cgi-bin/gstFcgi.fcgi from unauthorized IPs
Unusual outbound connections from affected devices

SIEM Query:

source="device_logs" AND (uri="/cgi-bin/gstFcgi.fcgi" OR event="user_created" OR event="user_modified")

📊 Metadata

CVE ID: CVE-2025-63218

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-284

EPSS Score: 0.96% exploit probability (76.1th percentile)

Published: November 19, 2025

Last Updated: January 12, 2026

🔗 References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control Exploit,Third Party Advisory
https://www.axeltechnology.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-63218, you might also want to check these: