CVE-2025-1037

CVSS 7.5 HIGHEPSS 0.1%CWE-269

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Oct 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Hitachi Energy · TropOS 4th Gen

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=en&DocumentPartId=&Action=Launch