{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T14:17:31.686","vulnerabilities":[{"cve":{"id":"CVE-2025-25037","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-06-20T19:15:35.870","lastModified":"2026-06-17T09:00:10.840","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters."},{"lang":"es","value":"Existe una vulnerabilidad de divulgación de información en las versiones de firmware de Aquatronica Controller System hasta la 5.1.6 inclusive y en las versiones de la interfaz web hasta la 2.0 inclusive. El endpoint tcp.php no restringe el acceso no autenticado, lo que permite a atacantes remotos emitir solicitudes POST manipuladas y recuperar datos de configuración confidenciales, incluyendo credenciales administrativas en texto plano. 
La explotación de esta vulnerabilidad puede comprometer por completo el sistema, lo que permite la manipulación no autorizada de los dispositivos conectados y los parámetros del acuario."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Aquatronica","product":"Aquatronica Controller System","defaultStatus":"unaffected","modules":["Web Management Interface (tcp.php endpoint)"],"versions":[{"version":"0","lessThanOrEqual":"5.1.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvc
V203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-23T20:32:57.296954Z","id":"CVE-2025-25037","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://fortiguard.fortinet.com/encyclopedia/ips/56008","source":"disclosure@vulncheck.com"},{"url":"https://vulncheck.com/advisories/aquatronica-controller-system-credential-leak","source":"disclosure@vulncheck.com"},{"url":"https://www.aquatronica.com","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/52028","source":"disclosure@vulncheck.com"},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php","source":"disclosure@vulncheck.com"}]}}]}