CVE-2025-66237

Summary

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.

Affected Software

VendorProductVersion RangeStatus
SunbirdDCIM dcTrack0 <= v9.2.0affected
SunbirdDCIM dcTrack9.2.3unaffected
SunbirdPower IQ0 <= v9.2.0affected
SunbirdPower IQ9.2.1unaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

If updating immediately is not possible, Sunbird additionally recommends that customers:

  • Restrict SSH or any non-essential port access in the IP Based Access Control.
  • Passwords for SSH based user accounts be changed at the time of deployment.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References