PatchSiren cyber security CVE debrief
CVE-2025-67158 Revotech CVE debrief
CVE-2025-67158 is an authentication bypass vulnerability in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517. This vulnerability allows attackers to access sensitive information and escalate privileges via a crafted HTTP request. The CVSS score is 7.5, indicating a high severity level. Security teams and administrators should prioritize patching or mitigating this vulnerability to prevent potential unauthorized access and privilege escalation.
- Vendor
- Revotech
- Product
- I6032W-FHW
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-02
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-02
- Advisory updated
- 2026-07-05
Who should care
Security teams and administrators responsible for Revotech I6032W-FHW devices should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability exists in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517. An attacker can exploit this vulnerability by sending a crafted HTTP request, potentially leading to unauthorized access to sensitive information and privilege escalation.
Defensive priority
High priority should be given to patching or mitigating this vulnerability due to its potential for unauthorized access and privilege escalation.
Recommended defensive actions
- Review and apply available patches or updates from the vendor.
- Implement compensating controls, such as restricting access to the affected endpoint.
- Monitor for suspicious activity and implement additional security measures as needed.
Evidence notes
The CVE record was published on 2026-01-02T17:16:23.310Z and last modified on 2026-07-05T02:17:33.923Z. The NVD entry is currently Modified. Evidence is limited to CVE and NVD details. Defenders should verify affected product deployments and review official advisories for scope and guidance.
Official resources
-
CVE-2025-67158 CVE record
CVE.org
-
CVE-2025-67158 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-02T17:16:23.310Z and has not been modified since then. The NVD entry is currently Modified.