CVE-2025-66238

Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

CVSS 7.4 HIGHEPSS 0.3%CWE-288

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

04 dez 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Sunbird · DCIM dcTrack Sunbird · IQ

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05