Description
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.
Scores
CVSS v4
7.5
EPSS
0.0002
EPSS Percentile
6.3%
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
Hitachi Energy/TropOS 4th Gen
8.7.0.0 - 8.9.6.0
Published
Oct 28, 2025
Tracked Since
Feb 18, 2026