Authentication Bypass Vulnerability in KCM3100 by JCOM
CVE-2025-51381

9.3CRITICAL

Key Information:

Vendor: Kaon
Status: Kcm3100
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-51381?

An authentication bypass vulnerability has been identified in the KCM3100, particularly in versions 1.4.2 and earlier. This flaw enables an attacker to exploit the device within the local area network (LAN), potentially granting unauthorized users access to sensitive features and controls of the product. Security measures must be taken to ensure that appropriate patches are applied to mitigate this risk effectively.

Affected Version(s)

KCM3100 Ver1.4.2 and earlier

References

https://notices.jcom.co.jp/notice/93847.html

https://jvn.jp/en/jp/JVN46288336/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Jun 16, 2025

Kaon

What is CVE-2025-51381?

Affected Version(s)

References

CVSS V4

CVSS V3.0

Timeline