
CVE-2025-9963: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Novakon P series

Critical
Tags: Vulnerability, CVE-2025-9963, cve, cve-2025-9963, cwe-22
Published: Tue Sep 23 2025 (09/23/2025, 11:11:14 UTC)
Source: CVE Database V5
Vendor/Project: Novakon
Product: P series

Description

A path traversal vulnerability in Novakon P series allows an attacker to expose the root file system "/" and modify all files with root permissions. In this way the system can also be compromised. This issue affects P series: P – V2001.A.C518o2.

AI-Powered Analysis

Last updated: 11/04/2025, 02:45:57 UTC

Technical Analysis

CVE-2025-9963 is a critical security vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as path traversal) affecting the Novakon P series, specifically version P – V2001.A.c518o2. This vulnerability allows an attacker with local access to bypass directory restrictions and access the root filesystem ('/') of the device. By exploiting this flaw, an attacker can read and modify any file on the system with root-level permissions, effectively gaining full control over the device. The vulnerability does not require authentication or user interaction, significantly lowering the barrier for exploitation once local access is obtained. The CVSS 4.0 base score is 9.4 (critical), reflecting the high impact on confidentiality, integrity, and availability, as well as the ease of exploitation. The attack vector is local (AV:L), but the vulnerability has low attack complexity (AC:L) and no privileges required (PR:N). The vulnerability affects critical industrial control systems or embedded devices running the Novakon P series firmware, which are often deployed in industrial automation environments. Although no exploits have been reported in the wild yet, the potential for system compromise and disruption is severe. The lack of available patches at the time of publication necessitates immediate mitigation through access control and monitoring. The vulnerability's exploitation could lead to unauthorized system modifications, data breaches, and operational disruptions in critical infrastructure.
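The CWE-22 weakness class named above, shown as an added example: this is not Novakon code and not from this page's source, which does not describe the affected service's implementation. It contrasts a string-prefix path check with one that canonicalizes the path first; the directory names and sample requests are constructed for illustration.

```python
import os
import tempfile

def naive_allows(base, requested):
    """Weak CWE-22 pattern: normalise the string, then prefix-compare."""
    joined = os.path.normpath(os.path.join(base, requested))
    return joined.startswith(base)  # ignores symlinks and sibling names

def confined_resolve(base, requested):
    """Return the canonical target if it lies inside base, else raise."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, requested))
    # commonpath compares whole components after symlinks are resolved,
    # so "share-old" is not mistaken for something under "share".
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"{requested!r} escapes {base_real}")
    return target

def confined_allows(base, requested):
    try:
        confined_resolve(base, requested)
        return True
    except PermissionError:
        return False

def demo():
    """Classify constructed requests against a constructed directory tree."""
    samples = ["logs/app.log", "logs/../logs/app.log", "/etc/passwd",
               "../share-old/cfg", "up/share-old/cfg"]
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        base = os.path.join(root, "share")
        os.makedirs(os.path.join(base, "logs"))
        os.makedirs(os.path.join(root, "share-old"))
        os.symlink(root, os.path.join(base, "up"))  # link leading out of base
        return {s: (naive_allows(base, s), confined_allows(base, s))
                for s in samples}

if __name__ == "__main__":
    for request, (naive, confined) in demo().items():
        print(f"{request:22} naive={naive!s:5} confined={confined}")
```

A service should open the path returned by `confined_resolve` rather than the caller-supplied string, and should not run with root permissions, so that a missed case does not expose the whole file system.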

Potential Impact

For European organizations, especially those in industrial automation, manufacturing, and critical infrastructure sectors using Novakon P series devices, this vulnerability poses a significant risk. Successful exploitation can lead to full system compromise, allowing attackers to alter system files, disrupt operations, or implant persistent malware. This could result in production downtime, safety hazards, intellectual property theft, and regulatory non-compliance. Given the root-level access gained, attackers could also pivot to other network segments, escalating the threat to broader organizational IT and OT environments. The impact is particularly critical in sectors such as energy, transportation, and manufacturing, where Novakon devices are commonly integrated. The vulnerability's local attack vector means that insider threats or attackers who gain physical or network access to the device's local environment can exploit it. This elevates the risk in environments with insufficient physical security or weak network segmentation. The absence of known exploits in the wild provides a window for proactive defense, but the critical severity demands urgent attention to prevent potential targeted attacks.

Mitigation Recommendations

1. Immediately restrict local access to Novakon P series devices by enforcing strict physical security controls and limiting network access to trusted personnel and systems only.
2. Implement network segmentation to isolate vulnerable devices from general IT networks and untrusted zones, reducing the risk of lateral movement.
3. Deploy host-based monitoring solutions to detect unusual file system changes or unauthorized access attempts on Novakon devices.
4. Regularly audit and review access logs and system integrity to identify potential exploitation attempts early.
5. Coordinate with Novakon for timely patch releases and apply firmware updates as soon as they become available.
6. Employ application whitelisting or file integrity monitoring tools where possible to prevent unauthorized modifications.
7. Educate operational technology (OT) staff about the risks of local access vulnerabilities and enforce strict operational procedures.
8. Consider deploying intrusion detection systems tailored for industrial control systems to monitor for anomalous behavior.
9. Maintain an incident response plan specifically addressing OT environment compromises to enable rapid containment and recovery.
10. If patching is delayed, consider temporary compensating controls such as disabling unnecessary local interfaces or services that could provide local access.


Technical Details

Data Version: 5.1
Assigner Short Name: CyberDanube
Date Reserved: 2025-09-03T20:34:18.112Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68d336ac712f26b964ce8e75

Added to database: 9/24/2025, 12:09:16 AM

Last enriched: 11/4/2025, 2:45:57 AM

Last updated: 11/17/2025, 12:19:04 PM
