PatchSiren cyber security CVE debrief
CVE-2025-25211 Inaba Denki Sangyo Co., Ltd. CVE debrief
CVE-2025-25211 affects Inaba Denki Sangyo Co., Ltd. CHOCO TEI WATCHER mini (IB-MCT001). The advisory states that the product has a weak password requirement vulnerability that may allow an attacker to perform brute-force attacks, potentially resulting in unauthorized access and login. CISA published the CSAF advisory ICSA-25-084-04 on 2025-03-25, and the affected product listing covers vers:all/* for the named product.
- Vendor
- Inaba Denki Sangyo Co., Ltd.
- Product
- CHOCO TEI WATCHER mini (IB-MCT001)
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-25
- Original CVE updated
- 2025-03-25
- Advisory published
- 2025-03-25
- Advisory updated
- 2025-03-25
Who should care
Organizations that deploy or administer CHOCO TEI WATCHER mini (IB-MCT001), especially OT/industrial environments, site operators, system integrators, and network/security teams responsible for restricting access to embedded or field-deployed devices.
Technical summary
The reported issue is an authentication weakness: password requirements are too weak to resist brute-force attempts. The source material indicates network-based exposure is a concern and identifies the affected product as Inaba Denki Sangyo Co., Ltd. CHOCO TEI WATCHER mini (IB-MCT001), with the affected scope listed as vers:all/*. The advisory’s stated outcome is unauthorized access and login. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, corresponding to a critical score of 9.8.
Defensive priority
High. The advisory describes an authentication weakness that can be abused remotely if the device is reachable, and the impact includes unauthorized access. Because the source remediation emphasizes network restriction and authorized-user access control, reducing exposure should be treated as urgent until stronger protection or vendor guidance is available.
Recommended defensive actions
- Restrict the product to trusted LAN-only use and block access from untrusted networks and hosts with firewalls.
- If Internet access is required, place the device behind a firewall or VPN and minimize Internet exposure.
- Limit operation and handling of the product, including microSD card use, to authorized users only.
- Review the linked vendor and JVN advisories for any additional mitigation guidance.
- Verify that the device is not directly exposed to the public Internet or other untrusted networks.
Evidence notes
This debrief is based on the supplied CISA CSAF advisory data for ICSA-25-084-04, published and modified on 2025-03-25. The advisory names the vendor as Inaba Denki Sangyo Co., Ltd. and the product as CHOCO TEI WATCHER mini (IB-MCT001), with affected scope listed as vers:all/*. The stated vulnerability description is a weak password requirement that may allow brute-force attacks resulting in unauthorized access and login. No exploit details or remediation beyond the source corpus were used.
Official resources
-
CVE-2025-25211 CVE record
CVE.org
-
CVE-2025-25211 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA CSAF advisory ICSA-25-084-04 on 2025-03-25, matching the CVE published date provided in the corpus. No KEV listing is indicated in the supplied data.