CVE-2024-25825

CRITICAL

FydeOS - Privilege Escalation

Title source: llm

Description

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

References (4)

[Various Sources] https://fydeos.io/

[Various Sources] https://gist.github.com/hchasens/d20dff418f6908dc96e65f4e43a058f1

[Various Sources] https://github.com/openFyde/

[Various Sources] https://openfyde.io/

Scores

CVSS v3 9.8

EPSS 0.0034

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-259

Status published

Published Oct 09, 2024

Tracked Since Feb 18, 2026