Critical severity10.0NVD Advisory· Published May 21, 2025· Updated Apr 15, 2026

CVE-2025-36535

Description

The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-cenvd
www.cisa.gov/news-events/ics-advisories/icsa-25-140-09nvd

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000