The vulnerability identified as CVE-2025-63209 affects ELCA Star Transmitter Remote Control firmware version 1.25 across multiple transmitter models including STAR150, BP1000, STAR300, STAR2000, STAR1000, and STAR500. The core issue is an information disclosure vulnerability stemming from an unprotected /setup.xml endpoint accessible over the network without any authentication or user interaction. This endpoint contains sensitive system configuration data, notably the administrator password stored in plaintext within the <p05> XML tag. Because the password is not encrypted or hashed, an attacker can easily retrieve it by sending a simple HTTP request to the endpoint. Once the admin credentials are obtained, the attacker can remotely access and control the transmitter system, potentially altering configurations, disrupting broadcasts, or using the device as a foothold for further network intrusion. The CVSS 3.1 base score of 7.5 reflects the vulnerability’s high impact on confidentiality, ease of exploitation (network vector, no privileges or user interaction required), and unchanged integrity or availability. No patches or firmware updates are currently available, and no exploits have been observed in the wild, but the vulnerability’s characteristics make it a critical concern for organizations relying on these devices. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

For European organizations, especially broadcasters, telecommunications providers, and critical infrastructure operators using ELCA Star Transmitter devices, this vulnerability poses a significant risk. Unauthorized disclosure of admin credentials can lead to remote compromise of transmitter systems, enabling attackers to manipulate broadcast signals, disrupt communications, or gain persistent access to internal networks. This could result in operational downtime, loss of service integrity, reputational damage, and potential regulatory penalties under GDPR if personal data or critical services are impacted. The lack of authentication and plaintext password storage means attackers can exploit this vulnerability remotely and stealthily, increasing the threat level. Given the strategic importance of broadcasting and communication infrastructure in Europe, successful exploitation could also have national security implications. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score demands urgent attention.

1. Immediately restrict network access to the /setup.xml endpoint by implementing firewall rules or access control lists (ACLs) to allow only trusted management IP addresses. 2. Employ network segmentation to isolate transmitter devices from general enterprise networks and the internet, reducing exposure. 3. Monitor network traffic for unusual requests targeting /setup.xml or other configuration endpoints. 4. Change default or known admin passwords on affected devices to strong, unique credentials once access is secured. 5. Engage with ELCA or authorized vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available. 6. If firmware updates are not yet available, consider temporary compensating controls such as VPN access for device management or disabling remote management features where feasible. 7. Conduct regular security audits and vulnerability assessments on transmitter infrastructure to detect similar issues. 8. Train operational staff on the risks of exposing management interfaces and the importance of secure configuration.