Authentication Bypass in Deep Sea Electronics DSE855 Device
CVE-2025-29270

10CRITICAL

Key Information:

Vendor: Deep Sea Electronics
Status: DSE855
Vendor: CVE Published:; 31 October 2025

🔔 Create Deep Sea Electronics Vulnerability Alert

What is CVE-2025-29270?

An incorrect access control vulnerability exists in the realtime.cgi endpoint of Deep Sea Electronics's DSE855 devices, versions 1.1.0 to 1.1.26. This flaw allows attackers to bypass authentication, potentially gaining unauthorized access to the administrative panel. Successful exploitation could enable malicious actors to manipulate device settings and pose significant risks to network security and operations. It is crucial for users to assess their devices and apply necessary patches to mitigate risks associated with this vulnerability.

References

https://blog.byteray.co.uk/shadow-entry-discovery-of-auth...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Mar 11, 2025

JSON