Vulnerability Description
SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 and 2.6.3. No generally available (GA) or customer-released production builds were affected. There is no evidence that this issue was exposed in customer environments or production deployments.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-10650?
CVE-2025-10650 is a documented vulnerability. SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via S...
How severe is CVE-2025-10650?
CVSS scoring is not yet available for CVE-2025-10650. Check NVD for updates.
Is there a patch for CVE-2025-10650?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.