Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Dec 17, 2025
CVE-2025-63221
CVE-2025-63221
Description
The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Axel Technology/pumadescription
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.