CVE-2025-27027

Summary

A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions.

Affected Software

VendorProductVersion RangeStatus
RadiflowiSAP Smart Collector1.20 < 3.02-1affected

Weaknesses

  • CWE-653: CWE-653 Improper Isolation or Compartmentalization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References