← volver
CVE-2025-1038

CVE-2025-1038

CVSS 7.5 HIGHEPSS 0.3%CWE-78
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.5EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Hitachi Energy · TropOS 4th Gen

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=en&DocumentPartId=&Action=Launch