CVE-2025-63208
HIGHDescription
An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint.
Is your site exposed to CVE-2025-63208?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| bridgetech | vb288_firmware |
| bridgetech | vb288 |
References
Frequently Asked Questions
What is CVE-2025-63208? +
How severe is CVE-2025-63208? +
What products are affected by CVE-2025-63208? +
How do I check if I'm vulnerable to CVE-2025-63208? +
Related Vulnerabilities
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token …
The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows …
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker …
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of …
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys are …
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An …