CVE-2025-7024

Summary

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.

An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.

This issue affects TETRA connectivity Server: 7.0.

Vulnerability fix is available and delivered to impacted customers.

Affected Software

VendorProductVersion RangeStatus
AIRBUSTETRA Connectivity Server (TCS)7.0affected
AIRBUSTETRA Connectivity Server (TCS)8.0unaffected
AIRBUSTETRA Connectivity Server (TCS)9.0unaffected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References