VDB
CVE-2025-5872
CVE-2025-5872
PUBLISHED
CVSS 6.900000095367432 MEDIUM
A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
EPSS 0.18% · 38.8th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
EPSS Score
0.18%
38.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| eGauge | EG3000 Energy Monitor | 3.6.3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-5872 (circl-sighting)
- VDB-311631 | eGauge EG3000 Energy Monitor Setting missing authentication (circl)
- VDB-311631 | CTI Indicators (IOB, IOC) (circl)
- Submit #585486 | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function (circl)
- https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC (cve.org)
Timeline
- Jun 9, 2025 EPSS Score
- Jun 9, 2025 CVE Published
- Jun 9, 2025 PoC Published
- Jun 20, 2025 EPSS Score
- Jun 30, 2025 EPSS Score
- Jul 11, 2025 EPSS Score
- Jul 21, 2025 EPSS Score
- Aug 1, 2025 EPSS Score
- Aug 11, 2025 EPSS Score
- Aug 22, 2025 EPSS Score
- Sep 1, 2025 EPSS Score
- Sep 12, 2025 EPSS Score
References
- VDB-311631 | eGauge EG3000 Energy Monitor Setting missing authentication vdb
- VDB-311631 | CTI Indicators (IOB, IOC) url
- Submit #585486 | eGauge_Systems_LLC eGauge EG3000 Energy Monitor v3.6.3 Missing Authentication for Critical Function third-party-advisory
- https://github.com/zeke2997/CVE_request_eGauge_Systems_LLC exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-5872 advisory