CVE-2025-1036

Vulnerability Description

Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.

Related Weaknesses (CWE)

CWE-78

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=e

FAQ

What is CVE-2025-1036?

CVE-2025-1036 is a documented vulnerability. Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute ...

How severe is CVE-2025-1036?

CVSS scoring is not yet available for CVE-2025-1036. Check NVD for updates.

Is there a patch for CVE-2025-1036?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.