CVE-2025-1038

Vulnerability Description

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.

Related Weaknesses (CWE)

CWE-78

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=e

FAQ

What is CVE-2025-1038?

CVE-2025-1038 is a documented vulnerability. The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the co...

How severe is CVE-2025-1038?

CVSS scoring is not yet available for CVE-2025-1038. Check NVD for updates.

Is there a patch for CVE-2025-1038?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.