CVE-2024-25825

CRITICAL

FydeOS and OpenFyde R114 - Use of Hard-coded Password

Title source: llm

Description

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

References (4)

Core 4

Core References

Various Sources

https://fydeos.io/

Various Sources

https://gist.github.com/hchasens/d20dff418f6908dc96e65f4e43a058f1

Various Sources

https://github.com/openFyde/

Various Sources

https://openfyde.io/

Scores

CVSS v3 9.8

EPSS 0.0052

EPSS Percentile 39.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-259

Status published

Published Oct 09, 2024

Tracked Since Feb 18, 2026