Configuration Bypass in Thales Group IoT Equipment
CVE-2025-64385

9.2CRITICAL

Key Information:

Vendor: Circutor
Status: Tcprs1plus
Vendor: CVE Published:; 31 October 2025

What is CVE-2025-64385?

Thales Group IoT devices are susceptible to a configuration bypass vulnerability. This flaw enables unauthorized modifications to device settings through the device's MAC address without requiring any authentication. Configuration can be altered using various methods, including the manufacturer's app, web server, or manufacturer’s software. This potential security gap emphasizes the need for robust security measures to prevent unauthorized access and ensure the integrity of IoT configurations.

Affected Version(s)

TCPRS1plus 1.0.14

References

https://cds.thalesgroup.com/es/s21sec

https://circutor.com/productos/iot-industrial-y-automatiz...

product

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

Víctor Bello Cuevas

Aarón Flecha Menéndez

JSON

Circutor

What is CVE-2025-64385?

Affected Version(s)

References

CVSS V4

Timeline

Credit