CVE-2025-66238
7.4
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sunbird | DCIM dcTrack | 0 <= v9.2.0 | affected |
| Sunbird | DCIM dcTrack | 9.2.3 | unaffected |
| Sunbird | IQ | 0 <= v9.2.0 | affected |
| Sunbird | IQ | 9.2.1 | unaffected |
Weaknesses
- CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel
Workarounds
If updating immediately is not possible, Sunbird additionally recommends that customers:
Restrict SSH or any non-essential port access in the IP Based Access Control.
Passwords for SSH based user accounts be changed at the time of deployment.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.