CVE-2025-27028
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-09
Last updated on: 2025-07-10
Assigner: ENISA
Description
Description
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radiflow | isap_smart_collector | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information, including critical system files and password hashes, which could be exploited to escalate privileges or compromise system security.
Can you explain this vulnerability to me?
This vulnerability allows the Linux deprivileged user 'vpuser' in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) to read the entire file system content, including files that belong to other users and have restricted access, such as the root password hash.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70