Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50

CVE-2025-11781

Description

Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.

Affected products

Sge Plc1000 Sge Plc50/Circutorv5
Range: 9.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products-0mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000