CVE-2025-66238

Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

CVSS 7.4 HIGHEPSS 0.3%CWE-288

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

04 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Productos afectados

Sunbird · DCIM dcTrack Sunbird · IQ

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05