exploitDog

GHSA-c6xp-3j4m-584m

Опубликовано: 18 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.8

Описание

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.

Ссылки

EPSS

Процентиль: 23%

0.00074

Низкий

8.8 High

CVSS4

CVE ID

Дефекты

CWE-269

Связанные уязвимости

CVE-2025-10650

nvd

5 месяцев назад

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.

EPSS

Процентиль: 23%

0.00074

Низкий

8.8 High

CVSS4

CVE ID

Дефекты

CWE-269