Overview
A critical vulnerability, CVE-2025-6763, has been discovered in the web-based management interface of various Comet System models. This vulnerability allows malicious entities to manipulate the /setupA.cfg file, leading to missing authentication. This vulnerability poses a significant threat to system security and data integrity, enabling potential system compromise or data leakage.
Vulnerability Summary
CVE ID: CVE-2025-6763
Severity: Critical (7.5 CVSS Score)
Attack Vector: Local Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage
Affected Products
A new way to communicate
Ameeba Chat is built on encrypted identity, not personal profiles.
Message, call, share files, and coordinate with identities kept separate.
- • Encrypted identity
- • Ameeba Chat authenticates access
- • Aliases and categories
- • End-to-end encrypted chat, calls, and files
- • Secure notes for sensitive information
Private communication, rethought.
Product | Affected Versions
Comet System T0510 | 1.60
Comet System T3510 | 1.60
Comet System T3511 | 1.60
Comet System T4511 | 1.60
Comet System T6640 | 1.60
Comet System T7511 | 1.60
Comet System T7611 | 1.60
Comet System P8510 | 1.60
Comet System P8552 | 1.60
Comet System H3531 | 1.60
How the Exploit Works
The vulnerability lies within the /setupA.cfg file of the web-based management interface. Attackers who have access to the local network can manipulate this file, leading to a missing authentication. This situation can allow the attacker to execute unauthorized activities, potentially leading to system compromise or data leakage.
Conceptual Example Code
The following conceptual example illustrates how the vulnerability might be exploited using a malicious shell command:
$ curl -X POST -d "@payload.json" http://target_comet_system/setupA.cfgHere, “payload.json” is a crafted JSON file that contains the malicious payload which manipulates /setupA.cfg for bypassing authentication.