CVE-2025-9965: CWE-287 Improper Authentication in Novakon P series
Improper authentication vulnerability in Novakon P series allows unauthenticated attackers to upload and download any application from/to the device. This issue affects P series: P – V2001.A.C518o2.
AI Analysis
Technical Summary
CVE-2025-9965 is an improper authentication vulnerability classified under CWE-287 affecting the Novakon P series devices, specifically version P – V2001.A.c518o2. This vulnerability allows unauthenticated attackers to upload and download any application to or from the affected device without requiring any privileges or user interaction. The flaw essentially bypasses all authentication mechanisms, granting attackers full control over the device’s application management functions. This can lead to unauthorized code execution, manipulation of device behavior, data exfiltration, or disruption of device operations. The vulnerability has been assigned a CVSS 4.0 score of 9.3, indicating critical severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability was published on September 23, 2025, and no patches or known exploits are currently reported, but the risk remains high due to the ease of exploitation. Novakon P series devices are typically used in industrial control systems and automation environments, where unauthorized application uploads could lead to operational disruptions or safety hazards. The lack of authentication enforcement represents a fundamental security failure in the device’s design, making it a prime target for attackers aiming to compromise industrial environments.
Potential Impact
The impact of CVE-2025-9965 on European organizations is significant, particularly for those operating in industrial automation, manufacturing, and critical infrastructure sectors that utilize Novakon P series devices. The ability for unauthenticated attackers to upload and download applications can lead to unauthorized code execution, manipulation of industrial processes, data theft, and potential operational shutdowns. This could result in production downtime, safety incidents, financial losses, and damage to organizational reputation. Given the critical nature of industrial control systems in Europe’s energy, manufacturing, and transportation sectors, exploitation could have cascading effects beyond a single organization, potentially impacting supply chains and public safety. The vulnerability’s network accessibility and lack of required privileges mean attackers can exploit it remotely, increasing the threat surface. Additionally, the high integrity and availability impacts raise concerns about sabotage or ransomware attacks targeting these devices. European organizations must consider this vulnerability a high-priority risk to their operational technology environments.
Mitigation Recommendations
1. Immediate action should be taken to monitor vendor communications for official patches or firmware updates addressing CVE-2025-9965 and apply them as soon as they become available.
2. Until patches are released, implement strict network segmentation to isolate Novakon P series devices from general IT networks and restrict access to trusted personnel and systems only.
3. Deploy network intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics to detect anomalous application upload/download activities targeting these devices.
4. Enforce strong access control policies, including limiting device management interfaces to secure management VLANs or VPNs with multi-factor authentication where possible.
5. Conduct regular audits and integrity checks of device applications to detect unauthorized changes promptly.
6. Educate operational technology (OT) staff about this vulnerability and the importance of monitoring for suspicious device behavior.
7. Collaborate with Novakon and cybersecurity communities to share threat intelligence and best practices for protecting affected devices.
8. Consider deploying compensating controls such as application whitelisting or endpoint protection solutions tailored for industrial devices to mitigate exploitation risks.
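Because the device does not authenticate application transfers, the network source and the size of a transfer are the signals left for recommendations 2 and 3. The following is an added example, not vendor or advisory code: it audits a constructed flow export, and the device addresses, management subnet, CSV columns and size threshold are all assumptions to replace with site values.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed site values (not from the advisory): HMI addresses, management subnet, threshold.
HMI_DEVICES = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}
MGMT_NETS = [ip_network("10.20.99.0/28")]
BULK_BYTES = 256 * 1024  # size treated as a possible application upload/download

# Constructed flow export: time, source, destination, bytes sent to / received from dst.
SAMPLE_FLOWS = """ts,src,dst,bytes_out,bytes_in
2025-09-24T02:10:00Z,10.20.99.5,10.20.0.11,1200,900
2025-09-24T02:14:31Z,10.20.99.5,10.20.0.11,4194304,2048
2025-09-24T03:02:09Z,10.10.4.77,10.20.0.12,880,640
2025-09-24T03:02:40Z,10.10.4.77,10.20.0.12,512,3145728
2025-09-24T03:05:00Z,10.20.99.6,10.20.5.1,9000000,100
not-a-row
"""

def audit_flows(text):
    """Return (findings, skipped); findings are (ts, src, dst, reason) tuples."""
    findings, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
            moved = max(int(row["bytes_out"]), int(row["bytes_in"]))
        except (KeyError, TypeError, ValueError):
            skipped += 1  # malformed record: count it rather than guess
            continue
        if dst not in HMI_DEVICES:
            continue  # only flows that reach a listed device matter here
        trusted = any(src in net for net in MGMT_NETS)
        if not trusted:
            # Segmentation gap: nothing outside the management subnet should reach the device.
            reason = "untrusted-source-bulk" if moved >= BULK_BYTES else "untrusted-source"
        elif moved >= BULK_BYTES:
            reason = "bulk-transfer-review"  # compare against change records
        else:
            continue
        findings.append((row["ts"], str(src), str(dst), reason))
    return findings, skipped

if __name__ == "__main__":
    results, bad = audit_flows(SAMPLE_FLOWS)
    for item in results:
        print(*item)
    print("skipped rows:", bad)
```

Skipped rows are reported separately so that a broken export is not mistaken for a clean result.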
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: CyberDanube
- Date Reserved: 2025-09-03T20:34:19.829Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d336ad712f26b964ce8ed1
Added to database: 9/24/2025, 12:09:17 AM
Last enriched: 11/4/2025, 2:46:27 AM
Last updated: 11/15/2025, 11:41:17 AM