CVE-2025-52548
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-10-01

Assigner: Armis

Description
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-10-01
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52548
EUVD
EUVD-2025-28445
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
copeland e3_supervisory_controller_firmware to 2.31f01 (exc)
copeland site_supervisor_bx_860-1240 *
copeland site_supervisor_bxe_860-1245 *
copeland site_supervisor_cx_860-1260 *
copeland site_supervisor_cxe_860-1265 *
copeland site_supervisor_rx_860-1220 *
copeland site_supervisor_rxe_860-1225 *
copeland site_supervisor_sf_860-1200 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1242 The device includes chicken bits or undocumented features that can create entry points for unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in E3 Site Supervisor Control firmware versions below 2.31F01. It involves a hidden API call within the application services that can enable SSH and Shellinabox, which are present but disabled by default. An attacker who already has administrative access to the application services can exploit this API to enable remote access to the underlying operating system.

Impact Analysis

If exploited, this vulnerability allows an attacker with admin access to enable remote access to the underlying OS via SSH or Shellinabox. This could lead to unauthorized control over the system, potentially compromising system integrity, confidentiality, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart