CVE-2025-1037 | THREATINT

Description

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.

PUBLISHED Reserved 2025-02-04 | Published 2025-10-28 | Updated 2025-10-28 | Assigner Hitachi Energy

HIGH: 7.5CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

8.7.0.0 (custom)

affected

References

publisher.hitachienergy.com/...DocumentPartId=&Action=Launch

cve.org (CVE-2025-1037)

nvd.nist.gov (CVE-2025-1037)

Download JSON