CVE-2025-66620

EPSS 0.07%
Veröffentlicht 07.01.2026 20:08:33
Zuletzt bearbeitet 22.01.2026 17:33:55
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Columbiaweather ≫ Weather Microserver Firmware Version < MS_4.1_14142

Columbiaweather ≫ Weather Microserver Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.208

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	8.6	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-553 Command Shell in Externally Accessible Directory

A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.

https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01

Third Party Advisory

US Government Resource

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-66620

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66620

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66620

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66620