CVE-2025-9965

N/A Unknown
Published: September 23, 2025 Modified: March 31, 2026
View on NVD

Description

Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device.This issue affects P series: P – V2001.A.C518o2 untilΒ P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
Source: office@cyberdanube.com
https://www.novakon.com.tw/common/frontend/download?path=/uploads/images/support/download/NOVAKON_P-Series-HMI_Security-Advisory_CVE-2025-9962-9966_Rev2_0.pdf
Source: office@cyberdanube.com
https://www.novakon.com.tw/en/news/detail/Security_Advisory__Firmware_Update_Available_for_NOVAKON_P_Series_HMI_Products
Source: office@cyberdanube.com
http://seclists.org/fulldisclosure/2025/Sep/70
Source: af854a3a-2127-422b-91ae-364da2661108

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
49th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-287

Related CVEs

CVE-2026-5251 6.3
CVE-2026-5249 3.5
CVE-2026-4947 7.1
CVE-2026-4374 N/A
CVE-2026-3831 4.3