Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 19, 2025

CVE-2025-63218

Description

The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

Affected products

Axel Technology/WOLF1MS and WOLF2MS devicesdescription
Axel Technology/WOLF1MSllm-create
Range: >=0.8.5 <=1.0.3
Axel Technology/WOLF2MSllm-create
Range: >=0.8.5 <=1.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63218_Axel%20Technology%20WOLF1MS%20and%20WOLF2MS%20-%20Broken%20Access%20Controlmitre
www.axeltechnology.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000