Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 20, 2025

CVE-2025-63223

Description

The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system settings, leading to full compromise of the device.

Affected products

Axel Technology/StreamerMAX MK IIdescription
Axel Technology/StreamerMAX MK IIllm-create
Range: >=0.8.5 <=1.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63223_Axel%20Technology%20StreamerMAX%20MK%20II%20-%20Broken%20Access%20Controlmitre
www.axeltechnology.commitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000