CVE-2025-66620
BaseFortify
Publication date: 2026-01-07
Last updated on: 2026-01-22
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| columbiaweather | weather_microserver_firmware | up to MS_4.1_14142 (exclusive) |
| columbiaweather | weather_microserver | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-553 | A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an unused webshell in MicroServer that allows unlimited login attempts. An attacker with admin access can gain limited shell access with sudo rights on certain files and directories. This access enables the attacker to maintain persistence through reverse shells and to modify or remove data stored in the file system.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker with admin access to gain shell access with elevated privileges, potentially leading to unauthorized modification or deletion of data, and persistent access to the system through reverse shells. This can compromise system integrity, availability, and confidentiality.