CVE-2025-47416
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-09
Assigner: Crestron Electronics, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crestron | firmware | 3.002.1061 |
| crestron | tsw-1060 | * |
| crestron | firmware | 3.001.0031.001 |
| crestron | firmware | 3.000.0110.001 |
| crestron | tsw-760 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-697 | The product compares two entities in a security-relevant context, but the comparison is incorrect. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc, which is imported by ctpd. The function enumerates files in the /dev/shm/symproc/c directory in alphabetical order to identify console commands, using integer values in file names to infer permission levels. An attacker can exploit this behavior to cause unauthorized execution of an attacker-defined file that is prioritized by the ConsoleFindCommandMatchList.
How can this vulnerability impact me? :
The vulnerability may allow an attacker to execute unauthorized files with potentially elevated permissions, leading to unauthorized actions on affected hardware running vulnerable firmware versions. This could compromise system integrity or security.