CVE-2025-10650 | THREATINT

Description

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.

PUBLISHED Reserved 2025-09-17 | Published 2025-09-18 | Updated 2025-09-18 | Assigner SoftIron

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

2.5.0 (semver) before 2.6.4

affected

References

advisories.softiron.cloud/

cve.org (CVE-2025-10650)

nvd.nist.gov (CVE-2025-10650)

Download JSON