CVE-2025-61792
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-09-30

Last updated on: 2025-10-02

Assigner: MITRE

Description
Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicates that the "behavior was observed sporadically" during "limited time on the client site," making it not "possible to gain more information about the specific kiosk mode crashing issue," and the only conclusion was "there appears to be some form of race condition." Accordingly, there can be doubt that a reproducible cybersecurity vulnerability was identified; sporadic software crashes can also be caused by a hardware fault on a single device (for example, transient RAM errors). The reporter also describes a variety of other issues, including initial access via USB because of the absence of a "lock-pick resistant locking solution for the External Controller PC cabinet," which is not a cybersecurity vulnerability (section 4.1.5 of the CNA Operational Rules). Finally, it is unclear whether the device or OS configuration was inappropriate, given that the risks are typically limited to insider threats within the mail operations room of a large company.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-30
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61792
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a race condition in Quadient DS-700 iQ devices that can occur when quickly clicking a sequence of buttons (Question Mark, Help, About, Help). This race condition might cause the device to exit kiosk mode and grant local administrative access. However, the behavior was observed sporadically and may not be reliably reproducible. It is also unclear if the issue is due to software or hardware faults, and the risk is generally limited to insider threats in specific environments.

Impact Analysis

If exploited, this vulnerability could allow an attacker to gain local administrative access to the device by exiting kiosk mode unexpectedly. This could lead to unauthorized control over the device, potentially compromising its security and functionality. However, the vulnerability appears to be sporadic and may not be easily reproducible, limiting the practical impact.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61792. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart