Medium severity5.4NVD Advisory· Published Mar 3, 2025· Updated Apr 15, 2026

CVE-2025-27579

Description

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

Patches

a04c00ba070d

https://github.com/bitaxeorg/ESP-Minervia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/skot/ESP-Miner/pull/637nvd
snotra.uk/axeos-csrf-vulnerability.htmlnvd
www.nobsbitcoin.com/bitaxe-firmware-esp-miner-v2-5-0/nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000