SecuriTricks - CVE-2025-63205

Description

An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint.

Product(s) Impacted

Vendor	Product	Versions
Bridgetech	Vb220 Ip Network Probe Vb120 Embedded Ip Rf Probe Vb330 High-capacity Probe Vb440 St 2110 Production Analytics Probe Nomad	6.5.0-9 6.5.0-9 6.5.0-9 6.5.0-9 6.5.0-9

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	bridgetech	vb220_ip_network_probe	6.5.0-9	/	/	/	/	/	/	/
a	bridgetech	vb120_embedded_ip_rf_probe	6.5.0-9	/	/	/	/	/	/	/
a	bridgetech	vb330_high-capacity_probe	6.5.0-9	/	/	/	/	/	/	/
a	bridgetech	vb440_st_2110_production_analytics_probe	6.5.0-9	/	/	/	/	/	/	/
a	bridgetech	nomad	6.5.0-9	/	/	/	/	/	/	/

References

https://bridgetech.tv/

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63205_bridgetech%20probes%20Information%20Disclosure

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

View Vector String

Timeline

Published: Nov. 19, 2025, 6:15 p.m.
Last Modified: Nov. 20, 2025, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-63205