Information Disclosure Vulnerability in Aquatronica Controller System
CVE-2025-25037

9.3CRITICAL

Key Information:

Vendor: Aquatronica
Status: Aquatronica Controller System
Vendor: CVE Published:; 20 June 2025

🔔 Create Aquatronica Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-25037?

The Aquatronica Controller System is affected by an information disclosure vulnerability that arises from improper access controls in the tcp.php endpoint. This flaw enables remote attackers to send crafted POST requests, leading to the exposure of sensitive configuration data, including plaintext administrative credentials. The absence of authentication checks allows for unauthorized access, potentially culminating in full system compromise. Attackers could manipulate various connected devices and parameters within an aquarium setup, posing significant risks to users relying on this system for aquatic care.

Affected Version(s)

Aquatronica Controller System 0 <= 5.1.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-25037 - Proof of Concept