CVE-2025-9725
LOWDescription
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit is publicly available and might be used. Upgrading to version 2.3.13 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "[T]he firmware does store a default password of 'admin'. This password has been deprecated since LT500E firmware version 2.3.13 and is no longer used. The LT500E does not have an administrator password set by default; a new password (at least 8 characters ) must be manually created upon first login the web management page."
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cudy | lt500e_firmware |
| cudy | lt500e |
References
Exploits
Frequently Asked Questions
What is CVE-2025-9725? +
How severe is CVE-2025-9725? +
What products are affected by CVE-2025-9725? +
How do I check if I'm vulnerable to CVE-2025-9725? +
Related Vulnerabilities
Some Huawei wearables have a permission management vulnerability.
A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an …
A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the …
A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file …
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such …
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. …