{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67112", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:17:45.000Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:28:26.472Z"}, "descriptions": [{"lang": "en", "value": "Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-321", "lang": "en", "description": "CWE-321 Use of Hard-coded Cryptographic Key"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:15:30.890647Z", "id": "CVE-2025-67112", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:17:45.000Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-24T01:15:30.890647Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:17:39.837Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "descriptions": [{"lang": "en", "value": "Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:28:26.472Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67112", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:17:45.000Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulation and privilege escalation via the GUI import/export functions."}, {"lang": "es", "value": "Uso de una clave AES-256-CBC codificada de forma r\u00edgida en la implementaci\u00f3n de copia de seguridad/restauraci\u00f3n de la configuraci\u00f3n del firmware de Small Cell Sercomm SCE4255W (FreedomFi Englewood) anterior a DG3934v3@2308041842 permite a usuarios remotos autenticados descifrar, modificar y volver a cifrar las configuraciones del dispositivo, lo que permite la manipulaci\u00f3n de credenciales y la escalada de privilegios a trav\u00e9s de las funciones de importaci\u00f3n/exportaci\u00f3n de la GUI."}], "id": "CVE-2025-67112", "lastModified": "2026-03-24T02:16:03.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T18:16:15.450", "references": [{"source": "cve@mitre.org", "url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"source": "cve@mitre.org", "url": "https://freedomfi.com/index.html"}, {"source": "cve@mitre.org", "url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,DG3934v3@2308041842)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "sercomm_sce4255w", "vendor": "freedomfi"}], "analysis": {"en": {"generated_at": "2026-03-24T03:28:38.176829+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest firmware update (DG3934v3 or newer) that removes the hard\u2011coded AES key.", "If an update cannot be applied immediately, disable the configuration import/export options in the device GUI.", "Isolate the affected devices from the untrusted network until a secure update is installed.", "Continuously monitor authentication and configuration logs for unauthorized export/import activity.", "Verify after patching that the firmware no longer contains the hard\u2011coded key and that importing configurations no longer permits credential changes."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected devices are the Sercomm SCE4255W (FreedomFi Englewood) small\u2011cell radios running firmware versions earlier than DG3934v3@2308041842. The known references point to the 2025 firmware build, suggesting that any device firmware deployed before this build inherits the hard\u2011coded key. Network administrators should verify the firmware release on each unit and mark those running older builds as vulnerable.", "description_and_impact": "The vulnerability arises from a hard\u2011coded AES\u2011256\u2011CBC key embedded in the configuration backup/restore routines of the Sercomm SCE4255W (FreedomFi Englewood). An authenticated user can export a configuration file, have the device decrypt it using the internal key, modify user credentials, re\u2011encrypt the file, and import it back. This manipulation permits an attacker to replace existing administrative credentials or create new privileged accounts, effectively elevating privileges on the device. The weakness corresponds to CWE\u2011321, the use of non\u2011random keys.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a maximum severity, yet the EPSS score is below 1\u202f%, and the weakness is not listed in the CISA KEV catalog. The attack requires remote authenticated access and interaction with the GUI import/export functions; an attacker who gains credentials can carry out the exploit without additional code execution. Given the high impact and the ease of manipulating configuration data, systems operators should treat this as an imminent threat and address it immediately."}}}}, "created": "2026-03-20T08:58:06.265128+00:00", "title": "Hard\u2011coded AES\u2011256 Key Enables Remote Decryption, Modification, and Privilege Escalation in FreedomFi Sercomm SCE4255W", "updated": "2026-03-25T11:51:43.440862+00:00", "vendors": ["freedomfi", "freedomfi$PRODUCT$sercomm_sce4255w"]}