CVE-2025-63218

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control	Exploit Third Party Advisory
https://www.axeltechnology.com/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:axeltechnology:wolf1ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:axeltechnology:wolf1ms:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:axeltechnology:wolf2ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:axeltechnology:wolf2ms:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-11-19 15:15

Updated : 2026-01-12 16:01

NVD link : CVE-2025-63218

Mitre link : CVE-2025-63218

CVE.ORG link : CVE-2025-63218

JSON object : View

Products Affected

axeltechnology

wolf1ms_firmware
wolf1ms
wolf2ms_firmware
wolf2ms

CWE

CWE-284

Improper Access Control

CWE-285

Improper Authorization

{"id": "CVE-2025-63218", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-11-19T15:15:50.453", "references": [{"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Control", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.axeltechnology.com/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device."}], "lastModified": "2026-01-12T16:01:06.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axeltechnology:wolf1ms_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CD63D4E-079A-4F2F-A4DA-20D1FA44F0DB", "versionEndIncluding": "1.0.3", "versionStartIncluding": "0.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:axeltechnology:wolf1ms:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80DEC281-BE5E-42AC-875E-E4869D0AE8A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axeltechnology:wolf2ms_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8703F9D9-8688-41D3-803C-6991085204BE", "versionEndIncluding": "1.0.3", "versionStartIncluding": "0.8.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:axeltechnology:wolf2ms:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B43485C9-4F82-4991-B22A-6C1F2ADD3214"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}