How severe is CVE-2025-2764?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2025-2764?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2025-2764 - HIGH Severity | CVSS 8

Vulnerability Description

CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355.

Related Vulnerabilities

CVE-2021-20487

HIGH

CVSS:8.0(High)

IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromise the integrity of the host firmware bypassing the host firmware signature verification process.

CWE-3472021

CVE-2017-16852

HIGH

CVSS:8.1(High)

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and do...

CWE-3472017

CVE-2017-16853

HIGH

CVSS:8.1(High)

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and ...

CWE-3472017

CVE-2017-18122

HIGH

CVSS:8.1(High)

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more tha...

CWE-3472017

CVE-2018-7711

HIGH

CVSS:8.1(High)

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accep...

CWE-3472018

CVE-2021-3051

HIGH

CVSS:8.1(High)

An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Corte...

CWE-3472021