CVE-2025-67013

6.5 MEDIUM

📋 TL;DR

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in the web management interface of the ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System. Attackers can trick authenticated administrators into performing unauthorized configuration changes without their knowledge. This affects organizations using the vulnerable version of this satellite communication equipment management system.

💻 Affected Systems

Products:
  • ETL Systems Ltd DEXTRA Series Digital L-Band Distribution System
Versions: v1.8
Operating Systems: Embedded system
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web management interface configuration endpoints. All installations with the vulnerable version are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where attackers reconfigure the distribution system to disrupt satellite communications, reroute signals, or disable critical functionality.

🟠 Likely Case

Unauthorized configuration changes leading to service disruption, signal manipulation, or system instability requiring manual intervention to restore proper operation.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though configuration changes could still occur if administrators are tricked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks require the victim to be authenticated to the management interface. The GitHub reference contains research demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.etlsystems.com/

Restart Required: No

Instructions:

Check vendor website for security updates. If available, download and apply the patch following vendor instructions.

🔧 Temporary Workarounds

Implement CSRF Tokens

all

Add CSRF protection tokens to all configuration endpoints in the web interface

Requires code modification - consult vendor or developer

Origin/Referer Validation

all

Implement server-side validation of Origin and Referer headers for all POST requests

Requires code modification - consult vendor or developer
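
One way to implement the Origin/Referer validation described above, as an added example that is not the vendor's code or part of the original advisory. The hostname dextra.mgmt.example and the function names are assumptions; the check compares the parsed origin exactly, so look-alike hosts, userinfo tricks, the opaque "null" origin and missing headers are all rejected.

```python
from urllib.parse import urlsplit

# Methods that must never change state are exempt from the check.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Constructed value: the origin administrators use to reach the interface,
# stored in normalized form (lowercase host, default port omitted).
ALLOWED_ORIGINS = {"https://dextra.mgmt.example"}


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if it is not an http(s) URL."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers the opaque "null" origin and non-web schemes
    default = {"http": 80, "https": 443}[parts.scheme]
    host = parts.hostname.lower()  # hostname excludes any userinfo before '@'
    if port and port != default:
        return f"{parts.scheme}://{host}:{port}"
    return f"{parts.scheme}://{host}"


def allow_request(method, headers, allowed=ALLOWED_ORIGINS):
    """Return (allowed, reason) for one request; headers maps names to values."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin; fall back to Referer when Origin is absent or empty.
    source = h.get("origin") or h.get("referer")
    if not source:
        # Strict policy (an assumption): no provenance header means reject.
        return False, "no Origin or Referer"
    origin = origin_of(source)
    if origin is None:
        return False, "unparseable or opaque origin"
    if origin not in allowed:  # exact match, never prefix or substring
        return False, f"cross-origin: {origin}"
    return True, "same origin"
```
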

🧯 If You Can't Patch

  • Segment the management interface to internal network only and restrict access to authorized administrators
  • Implement web application firewall (WAF) rules to detect and block CSRF attempts

🔍 How to Verify

Check if Vulnerable:

Test configuration endpoints for CSRF tokens and Origin/Referer validation using tools like Burp Suite or OWASP ZAP

Check Version:

Check system version through web interface or consult vendor documentation

Verify Fix Applied:

Verify that all configuration endpoints now require CSRF tokens and validate Origin/Referer headers

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration changes
  • Multiple failed authentication attempts followed by configuration requests
  • Requests from unusual IP addresses to configuration endpoints

Network Indicators:

  • HTTP POST requests to configuration endpoints without CSRF tokens
  • Requests with mismatched Origin/Referer headers

SIEM Query:

source="web_logs" AND (uri="/config/*" OR uri="/admin/*") AND method="POST" AND (NOT csrf_token=*)
