Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system.
AnalysisAI
The Angeet ES3 KVM device contains an arbitrary file write vulnerability allowing remote, unauthenticated attackers to modify system files including configuration files and binaries, potentially leading to complete system compromise. All versions of the ES3 KVM appear to be affected based on EUVD version data (ES3 KVM 0 <*). This vulnerability has been reported by CISA and documented in their CSAF advisory VA-26-076-01, though no active exploitation (KEV) status has been indicated at this time.
Technical ContextAI
KVM (Keyboard, Video, Mouse) devices are hardware switches that allow IT administrators to control multiple servers from a single console, often with network connectivity for remote management. The vulnerability is rooted in CWE-306 (Missing Authentication for Critical Function), meaning the affected Angeet ES3 KVM fails to properly authenticate users before allowing file write operations. The CPE identifier cpe:2.3:a:angeet:es3_kvm confirms this affects the Angeet ES3 KVM product across all documented versions. KVM devices are particularly sensitive as they provide direct access to server consoles and are often connected to management networks, making them high-value targets. The lack of authentication on file write operations represents a fundamental security design flaw allowing attackers to replace legitimate system binaries or configuration files with malicious versions.
RemediationAI
Organizations should immediately consult CISA's CSAF advisory at https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-076-01.json for vendor-specific patch information and mitigation guidance. Until patches are available and applied, isolate affected Angeet ES3 KVM devices from untrusted networks by placing them on dedicated management VLANs accessible only from authorized administrator workstations through VPN or jump hosts. Implement network access controls using firewall rules or ACLs to restrict connectivity to specific trusted IP addresses. Monitor these devices for unauthorized file modifications using file integrity monitoring tools and review access logs for suspicious activity. Consider replacing affected devices with alternative KVM solutions if vendor patches are not forthcoming, given the severity of unauthenticated remote access to critical infrastructure management hardware.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12612