CVE-2025-47416
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: Crestron Electronics, Inc.

Description
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name.  Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061  Fixed Firmware: no fixed released (product is discontinued and end of life)   For x70   The Affected Firmware:- 3.000.0110.001  and versions below The Fixed Firmware:- 3.001.0031.001
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-47416
EUVD
EUVD-2025-27258
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
crestron firmware 3.002.1061
crestron tsw-1060 *
crestron firmware 3.001.0031.001
crestron firmware 3.000.0110.001
crestron tsw-760 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-697 The product compares two entities in a security-relevant context, but the comparison is incorrect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc, which is imported by ctpd. The function enumerates files in the /dev/shm/symproc/c directory in alphabetical order to identify console commands, using integer values in file names to infer permission levels. An attacker can exploit this behavior to cause unauthorized execution of an attacker-defined file that is prioritized by the ConsoleFindCommandMatchList.

Impact Analysis

The vulnerability may allow an attacker to execute unauthorized files with potentially elevated permissions, leading to unauthorized actions on affected hardware running vulnerable firmware versions. This could compromise system integrity or security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47416. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart