Critical severity9.1NVD Advisory· Published Aug 14, 2025· Updated Apr 15, 2026

CVE-2025-43983

Description

KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.proton.me/urls/CN629YJ3F4nvd
github.com/actuator/cve/blob/main/Kuwfi/CVE-2025-43983.txtnvd
github.com/actuator/cve/tree/main/KuWfinvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000