What is the CVSS score of CVE-2025-48469?

CVE-2025-48469 has a CVSS 3.1 base score of 9.6 (Critical). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Wise 4060lan Firmware are affected by CVE-2025-48469?

A critical vulnerability (CVE-2025-48469, CVSS 9.6) allows unauthenticated attackers to upload malicious firmware through a public-facing update page, potentially giving adversaries complete system…

Is there a public PoC exploit available for CVE-2025-48469?

Yes, a public proof-of-concept exploit is available for CVE-2025-48469. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-48469?

Within 24 hours: Identify all systems running affected software and isolate or restrict access to public update pages; enable enhanced logging and monitoring for firmware upload attempts. Within 7 days: Deploy compensating controls (WAF rules, network segmentation, IP whitelisting); conduct threat hunt for indicators of compromise. Within 30 days: Implement vendor patch immediately upon release; perform forensic analysis of any affected systems and rotate all administrative credentials.

Wise 4060lan Firmware CVE-2025-48469

EUVD-2025-28231 CRITICAL

Missing Authentication for Critical Function (CWE-306)

2025-06-24 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4

Privilege Escalation Authentication Bypass RCE Wise 4060lan Firmware Wise 4010lan Firmware Wise 4050lan Firmware

9.6

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.6 CRITICAL

AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2025-28231

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

PoC Detected

Jul 09, 2025 - 15:21 vuln.today

Public exploit code

CVE Published

Jun 24, 2025 - 03:15 nvd

CRITICAL 9.6

DescriptionCVE.org

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.

AnalysisAI

A privilege escalation vulnerability (CVSS 9.6) that allows an unauthenticated attacker. Risk factors: public PoC available.

Technical ContextAI

CWE-306 (Missing Authentication). CVSS 9.6 indicates critical severity with likely remote exploitation vector.

RemediationAI

Monitor vendor channels for patch availability. Restrict network access to affected components and enable MFA as interim mitigation.

CVE-2025-48469 vulnerability details – vuln.today

Back

Wise 4060lan Firmware CVE-2025-48469

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code