CVE-2025-9964

Summary

No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console easily. This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

Affected Software

VendorProductVersion RangeStatus
NovakonP series (P07, P10, P12, P15)P – V2001.A.c518o2 <= P-V2005affected

Weaknesses

  • CWE-521: CWE-521 Weak Password Requirements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References