
CVE-2025-64385: CWE-20 Improper Input Validation in Circutor TCPRS1plus

Severity: Critical
Tags: Vulnerability, CVE-2025-64385, CWE-20
Published: Fri Oct 31 2025 (10/31/2025, 14:23:06 UTC)
Source: CVE Database V5
Vendor/Project: Circutor
Product: TCPRS1plus

Description

The equipment can initially be configured using the manufacturer's application, via Wi-Fi, via the web server, or with the manufacturer's software. Using the manufacturer's software, the device can be configured via UDP. Analysis of this communication shows that any aspect of the initial configuration can be changed by means of the device's MAC address, without the need for authentication.

AI-Powered Analysis

AI analysis last updated: 10/31/2025, 14:52:47 UTC

Technical Analysis

CVE-2025-64385 describes a critical weakness in the initial configuration process of the Circutor TCPRS1plus. The device can be configured over Wi-Fi, through its built-in web server, or with the manufacturer's configuration software, and that software talks to the device over UDP. According to the advisory, in this UDP exchange the device is addressed by its MAC address and accepts any change to its initial configuration without authenticating the sender. Nothing in the exchange proves that the sender is authorized: a MAC address is not a secret (it is visible in ARP and in any broadcast traffic on the same segment), and UDP has no handshake, so the source address of a datagram can be forged. Anyone who can deliver UDP datagrams to the device can therefore reconfigure it. The record is filed under CWE-20 (Improper Input Validation); in practice the root cause is missing authentication for a critical function, and stricter parsing of the configuration messages alone would not close it. The affected version given in this analysis is 1.0.14. The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H reads as follows: network attack vector, low attack complexity, no attack requirements, no privileges and no user interaction; on the vulnerable device itself (VC/VI/VA) no confidentiality impact, low integrity impact and high availability impact; on subsequent systems (SC/SI/SA) no confidentiality impact, low integrity impact and high availability impact. CVSS 4.0 has no scope metric; the SC/SI/SA metrics describe impact on systems beyond the vulnerable device, not "safety" or "security" impact. In short, an unauthenticated attacker with network reach to the device can alter its configuration and take it out of service with little effort. No exploitation in the wild has been reported, but the combination of network reachability, no authentication and trivial complexity makes this a high-risk issue. The TCPRS1plus is used in power monitoring and energy management, where a forged configuration can change what is measured or reported, or knock the device offline. The CVE was published on October 31, 2025; at the time of this analysis no vendor fix was listed, so network-level protective measures are the immediate option.

Potential Impact

For European organizations in the energy, utilities and industrial sectors, where Circutor equipment such as the TCPRS1plus is deployed for power monitoring and management, this vulnerability is a significant risk. An attacker who can reach a device's UDP configuration channel can alter its configuration, which may produce incorrect power measurements, disable monitoring functions, or render the device unusable until it is reconfigured. The consequences range from loss of visibility and operational disruption to financial loss and, where monitoring feeds protective or control decisions, safety hazards. Because exploitation needs no credentials and no user interaction, the attack is within reach of any actor with a foothold on the relevant network segment, from opportunistic intruders to nation-state or criminal groups that target energy infrastructure; fleets of identical devices can be reconfigured at scale once that foothold exists. Where many such devices feed a common energy management system, cascading effects on interconnected systems are possible. Organizations relying on these devices should treat the availability and integrity of their energy management data as at risk and reduce exposure now rather than wait for a fix.

Mitigation Recommendations

1. Immediately isolate Circutor TCPRS1plus devices from untrusted networks, and in particular restrict UDP traffic to and from them to the hosts that legitimately run the manufacturer's configuration software.
2. Place the devices on a dedicated, segmented OT network and enforce firewall rules so that the configuration interfaces (UDP, web server and Wi-Fi) are reachable only from designated management systems. Do not rely on MAC filtering as a control: the MAC is exactly what the vulnerable protocol uses to address the device, and it is visible to anyone on the segment.
3. Monitor for UDP datagrams sent to these devices, or broadcast on their segment, from hosts other than the designated management stations. The vendor tool's UDP port is not given in the advisory, so baseline it from a legitimate configuration session before writing rules. Because UDP source addresses can be forged, treat source-based allowlists as a detection signal and pair them with segmentation and ingress filtering.
4. Disable or restrict configuration over UDP where the device or the software allows it, and perform configuration changes through a more controlled channel and process.
5. Engage with Circutor for firmware updates or patches that add authentication to the configuration channel, and plan prompt deployment once a fix is available.
6. Enable device-level logging and alerting, where available, to detect unauthorized configuration changes; independently, compare each device's running configuration against a known-good record on a schedule.
7. Include device configuration interfaces in regular security assessments and penetration tests.
8. Brief OT and IT teams on this vulnerability and on why configuration channels must be protected.
9. Consider network IDS/IPS on the OT segment with rules tuned to the devices' inventory and the UDP port observed during baselining.
10. Maintain an inventory of all Circutor devices, including IP and MAC, so that mitigation and monitoring cover every unit.
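The monitoring described in the technical analysis and in items 2, 3 and 10 above can be expressed as a small detector. The following is an added example written for this page; it is not code from Circutor, from the CVE record, or from the advisory's author. The vendor tool's UDP port and the wire format of its configuration messages are not published here, so the script does not parse the protocol; it keys on an inventory of TCPRS1plus IPs and MACs, on UDP datagrams toward those devices (unicast or broadcast) from hosts outside a management allowlist, and on payloads that carry a device MAC, since the advisory states that the device is addressed by its MAC. Every address, port, payload and log line below is constructed for illustration.

```python
"""Flag unauthenticated UDP configuration attempts against Circutor TCPRS1plus units.

Added example for this advisory, not Circutor's or the CVE record's code. The
vendor tool's UDP port, the message format, and all addresses below are
assumptions made up for illustration; the detector does not parse the protocol.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed inventory of monitored devices: IP -> MAC (hypothetical values).
DEVICE_INVENTORY = {
    "10.20.0.15": "00:11:22:33:44:55",
    "10.20.0.16": "00:11:22:33:44:66",
}

# Constructed allowlist: the only network permitted to run the vendor tool.
MANAGEMENT_ALLOWLIST = [ipaddress.ip_network("10.20.100.0/24")]

# Constructed log format: "<ts> <src>:<sport> -> <dst>:<dport> <proto> payload=<hex>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+):(?P<sport>\d+)\s*->\s*(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"(?P<proto>udp|tcp)\s+payload=(?P<payload>(?:[0-9a-fA-F]{2})*)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    src: str
    dst: str
    reason: str


def _mac_in_payload(mac: str, payload_hex: str) -> bool:
    """True if the payload carries the MAC as raw 6 bytes or as ASCII text.
    Both encodings are assumptions; the real message format is not published."""
    raw = bytes.fromhex(payload_hex)
    if bytes.fromhex(mac.replace(":", "")) in raw:
        return True
    text = raw.decode("ascii", errors="ignore").lower()
    return mac.lower() in text or mac.replace(":", "").lower() in text


def _is_management_host(ip: str) -> bool:
    """Source-IP allowlist. UDP has no handshake, so a host on the same
    segment can forge the source; treat this as a signal, not a control."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_ALLOWLIST)


def analyze(lines):
    """Return a Finding for each UDP datagram that looks like a configuration
    attempt against an inventoried device from a non-management host."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["proto"] != "udp":
            continue  # malformed line, or not the UDP configuration channel
        src, dst, payload = m["src"], m["dst"], m["payload"]
        # Inventoried MACs named inside the payload; this also covers broadcast,
        # where the destination IP is not a device address.
        carried = sorted(mac for mac in DEVICE_INVENTORY.values()
                         if _mac_in_payload(mac, payload))
        if dst not in DEVICE_INVENTORY and not carried:
            continue  # UDP unrelated to the monitored devices
        if _is_management_host(src):
            continue  # expected: the vendor tool run from a management host
        if carried:
            reason = f"UDP payload addresses TCPRS1plus MAC {carried[0]} from non-management host"
        else:
            reason = "UDP toward TCPRS1plus from non-management host"
        findings.append(Finding(m["ts"], src, dst, reason))
    return findings


# Constructed sample traffic; addresses, ports and payloads are invented.
SAMPLE_LOG = [
    # Management host addresses 10.20.0.15 by raw MAC bytes: expected, not flagged.
    "2025-10-31T14:00:01Z 10.20.100.7:50123 -> 10.20.0.15:49152 udp payload=0011223344550102",
    # Non-management host broadcasts a datagram naming 00:11:22:33:44:66: flagged.
    "2025-10-31T14:00:05Z 10.20.5.99:41000 -> 10.20.0.255:49152 udp payload=001122334466ff00",
    # Non-management host sends the MAC as ASCII text to the device: flagged.
    "2025-10-31T14:00:09Z 10.20.5.99:41001 -> 10.20.0.15:49152 udp payload="
    + "00:11:22:33:44:55".encode().hex(),
    # UDP to a device from outside the allowlist with no MAC visible: flagged, weaker reason.
    "2025-10-31T14:00:12Z 192.168.1.50:6000 -> 10.20.0.16:49152 udp payload=deadbeef",
    # Unrelated UDP between non-device hosts: ignored.
    "2025-10-31T14:00:15Z 10.20.5.99:53001 -> 10.20.0.53:53 udp payload=abcd01000001",
    # TCP to the device's web server is a different channel: ignored here.
    "2025-10-31T14:00:20Z 10.20.5.99:41500 -> 10.20.0.15:80 tcp payload=474554",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.src} -> {f.dst}: {f.reason}")
```

Run against the constructed sample, the script reports the broadcast datagram, the ASCII-MAC datagram and the bare non-management UDP datagram, and stays silent on the legitimate management session, the unrelated UDP flow and the TCP web traffic. In a real deployment the log lines would come from a span port or a Zeek/Suricata export, the inventory would be the asset list from item 10, and the port filter would be narrowed once the vendor tool's port has been observed. The allowlist is a detection aid only: on a flat network a datagram with a forged management source address passes this check, which is why segmentation remains the primary control.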


Technical Details

Data Version
5.2
Assigner Short Name
S21sec
Date Reserved
2025-10-31T13:13:35.298Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6904c9ac8ec00889be37f4ff

Added to database: 10/31/2025, 2:37:32 PM

Last enriched: 10/31/2025, 2:52:47 PM

Last updated: 11/1/2025, 4:07:53 PM

