CVE-2025-66238

Summary

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.

Affected Software

VendorProductVersion RangeStatus
SunbirdDCIM dcTrack0 <= v9.2.0affected
SunbirdDCIM dcTrack9.2.3unaffected
SunbirdIQ0 <= v9.2.0affected
SunbirdIQ9.2.1unaffected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

Workarounds

If updating immediately is not possible, Sunbird additionally recommends that customers:

  • Restrict SSH or any non-essential port access in the IP Based Access Control.

  • Passwords for SSH based user accounts be changed at the time of deployment.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References