Vulnerability Description
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 Fixed Firmware: no fixed released (product is discontinued and end of life) For x70 The Affected Firmware:- 3.000.0110.001 and versions below The Fixed Firmware:- 3.001.0031.001
Related Weaknesses (CWE)
References
- https://security.crestron.com
- https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-T
FAQ
What is CVE-2025-47416?
CVE-2025-47416 is a documented vulnerability. A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the C...
How severe is CVE-2025-47416?
CVSS scoring is not yet available for CVE-2025-47416. Check NVD for updates.
Is there a patch for CVE-2025-47416?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.