CVE-2025-47416

EPSS 0.08%
Veröffentlicht 09.09.2025 13:52:45
Zuletzt bearbeitet 09.09.2025 16:28:43
Quelle 25b0b659-c4b4-483f-aecb-067757
Teams Watchlist Login
Unerledigt Login

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.



A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. 



Confirmed Affected Hardware: TSW-760, TSW-1060 



Confirmed Affected Firmware: 3.002.1061 



Fixed Firmware: no fixed released (product is discontinued and end of life)



 



For x70  



The Affected Firmware:- 3.000.0110.001  and versions below 



The Fixed Firmware:- 3.001.0031.001

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCRESTRON

≫

Produkt TOUCHSCREEN x70

Default Statusunaffected

Version < 3.001.0031.001

Version 3.000.0110.001

Status affected

HerstellerCRESTRON

≫

Produkt Touchscreen x60s

Default Statusunaffected

Version 3.002.1061

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.249

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
25b0b659-c4b4-483f-aecb-067757d23ef3	5.9	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

https://security.crestron.com

https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001

https://nvd.nist.gov/vuln/detail/CVE-2025-47416

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-47416

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-47416

EUVD