CVE-2025-4043: Milesight UG65-868M-EA Improper Access Control for Volatile Memory Containing Boot Code
6.8
CVSS
Description
An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
Classification
CVE ID: CVE-2025-4043
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Problem Types
CWE-1274Affected Products
Vendor: Milesight
Product: UG65-868M-EA
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 5.06% (scored less or equal to compared to others)
EPSS Date: 2025-05-08 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4043https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-02
https://www.milesight.com/iot/resources/download-center/#firmware-ug65