← back
CVE-2025-7024

Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

CVSS 5.6 MEDIUMEPSS 0.1%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.6EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects TETRA connectivity Server: 7.0. Vulnerability fix is available and delivered to impacted customers.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →