Information Disclosure Vulnerability in Electronics Registration Service by EG4 Electronics
CVE-2025-47872
6.9 MEDIUM
What is CVE-2025-47872?
The product registration endpoint of EG4 Electronics is susceptible to an information disclosure vulnerability. The endpoint responds differently depending on the state of the serial number (S/N): valid and unregistered, valid but already registered, or nonexistent in the database. Because serial numbers are assigned sequentially, an attacker could use these differences to infer the registration status of various S/Ns, potentially leading to unauthorized access to sensitive product registration information.
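For operators of a registration service with this behavior, one way to spot a client walking the sequential serial range is sketched below. This is an added example, not code from the advisory or from EG4; the event tuple format, the outcome labels, the all-numeric serial format, the sample records and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed labels for the three response states the advisory describes.
OUTCOMES = {"unregistered", "registered", "not_found"}

# Constructed sample events (not real logs): (client, serial_number, outcome).
SAMPLE_EVENTS = (
    # One client probing eight consecutive serials and seeing all three states.
    [("203.0.113.7", str(4000001230 + i), o) for i, o in enumerate(
        ["registered", "registered", "unregistered", "registered",
         "not_found", "not_found", "unregistered", "not_found"])]
    # An owner retrying the same serial three times.
    + [("198.51.100.20", "4000000107", "unregistered")] * 3
    # An installer registering five mostly unrelated serials.
    + [("192.0.2.44", s, "unregistered") for s in
       ["4000000512", "4000003391", "4000003392", "4000009920", "4000020001"]]
)

def find_enumerators(events, min_distinct=5, min_seq_ratio=0.8):
    """Flag clients whose distinct serial lookups are mostly consecutive."""
    by_client = defaultdict(dict)
    for client, serial, outcome in events:
        # Skip malformed rows instead of failing on them.
        if serial.isdigit() and outcome in OUTCOMES:
            by_client[client][int(serial)] = outcome
    flagged = {}
    for client, seen in by_client.items():
        serials = sorted(seen)
        if len(serials) < min_distinct:
            continue  # too few distinct serials to call it a sweep
        # Count neighbouring pairs that differ by exactly one.
        steps = sum(1 for a, b in zip(serials, serials[1:]) if b - a == 1)
        ratio = steps / max(len(serials) - 1, 1)
        if ratio >= min_seq_ratio:
            flagged[client] = {
                "distinct_serials": len(serials),
                "sequential_ratio": round(ratio, 2),
                # Seeing several states means the oracle was actually read.
                "outcomes_seen": sorted(set(seen.values())),
            }
    return flagged

if __name__ == "__main__":
    for client, summary in find_enumerators(SAMPLE_EVENTS).items():
        print(client, summary)
```

Repeated retries of one serial and bulk registration of unrelated serials stay below the thresholds; only the consecutive sweep is reported.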
Affected Version(s)
EG4 12000XP all versions
EG4 12kPV all versions
EG4 18kPV all versions
References
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Anthony Rose of BC Security reported these vulnerabilities to CISA.