Login Sign Up

CVE-2025-67015

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to change the Administrator password and escalate privileges on Comtech EF Data CDM-625/CDM-625A satellite modems by sending a crafted POST request to the /Forms/admin_access_1 endpoint. It affects users running firmware version 2.5.1 on these devices. The broken access control enables unauthorized administrative access.

💻 Affected Systems

Products:
  • Comtech EF Data CDM-625 Advanced Satellite Modem
  • Comtech EF Data CDM-625A Advanced Satellite Modem
Versions: v2.5.1
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with web management interface accessible. Devices behind firewalls with no external access have reduced risk.

📦 What is this software?

Cdm 625 Firmware by Comtech

View all CVEs affecting Cdm 625 Firmware →

Cdm 625a Firmware by Comtech

View all CVEs affecting Cdm 625a Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of satellite modem configuration, allowing attackers to disrupt communications, intercept/modify traffic, or use the device as a pivot point into connected networks.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, service disruption, or credential theft.

🟢

If Mitigated

Limited impact if device is behind strict network controls with no external access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires network access to the device's web interface. The GitHub reference contains technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.comtechefdata.com/

Restart Required: No

Instructions:

Check vendor website for security advisories and firmware updates. No specific patch information is currently available.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to the modem's management interface

Access Control Lists

all

Implement firewall rules to block unauthorized access to /Forms/admin_access_1

🧯 If You Can't Patch

  • Isolate the modem on a dedicated management VLAN with strict access controls
  • Monitor network traffic for POST requests to /Forms/admin_access_1 and alert on suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface or CLI. If version is 2.5.1 and web interface is accessible, assume vulnerable.

Check Version:

Check via web interface at System > About or via CLI with appropriate vendor commands

Verify Fix Applied:

Verify firmware has been updated to a version later than 2.5.1 or test if POST requests to /Forms/admin_access_1 are properly authenticated.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful password changes
  • POST requests to /Forms/admin_access_1 from unexpected sources

Network Indicators:

  • HTTP POST requests to /Forms/admin_access_1 endpoint
  • Unusual administrative login patterns

SIEM Query:

http.method:POST AND http.uri:"/Forms/admin_access_1"

📊 Metadata

CVE ID: CVE-2025-67015
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-284
EPSS Score: 0.06% exploit probability (18th percentile)
Published: December 26, 2025
Last Updated: January 2, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-67015, you might also want to check these:

CVE-2021-34795 10.0

This critical vulnerability in Cisco Catalyst PON Series Switches ONT web management interface allow...

Same vulnerability type (CWE-284)
CVE-2021-40113 10.0

Multiple vulnerabilities in Cisco Catalyst PON Series Switches ONT web management interface allow un...

Same vulnerability type (CWE-284)
CVE-2026-21636 10.0

A critical vulnerability in Node.js v25's experimental permission model allows attacker-controlled i...

Same vulnerability type (CWE-284)