CVE-2025-26689

Published Mar 31, 2025

Last updated 4 days ago

CVSS critical 9.8

Overview

Description
Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
Source
vultures@jpcert.or.jp
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

vultures@jpcert.or.jp
CWE-425

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-26689 ⚠️🔴 CRITICAL (9.8) 🏢 Inaba Denki Sangyo Co., Ltd. - CHOCO TEI WATCHER mini (IB-MCT001) 🏗️ all versions 🔗 https://t.co/2FP2R5cgZr 🔗 https://t.co/mBmYmdtmCh 🔗 https://t.co/bhzxMzpa3D 🔗 https://t.co/FoAOkROIOw #CyberCron #VulnAlert #InfoSec https://t.co/Z444

    @cybercronai

    1 Apr 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 A critical flaw (CVE-2025-26689) found in all CHOCO TEI WATCHER mini devices could allow remote attackers to access, delete, or manipulate sensitive data. No patch yet. Details 👉 https://t.co/iOo8ixdu09 #CVE2025_26689 #IoTSecurity #ICS #CyberSecurity

    @threatsbank

    31 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-26689 Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the… https://t.co/C0PS3Q22TF

    @CVEnew

    31 Mar 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-26689: CRITICAL] Security advisory: CHOCO TEI WATCHER mini (IB-MCT001) is vulnerable to 'Forced Browsing' attacks. Attackers can access, delete data, or alter settings with crafted HTTP requests.#cybersecurity,#vulnerability https://t.co/1CvGuMGSrr https://t.co/78DZeF5d

    @CveFindCom

    31 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References