Description
SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 and 2.6.3. No generally available (GA) or customer-released production builds were affected. There is no evidence that this issue was exposed in customer environments or production deployments.
References (1)
Core 1
Core References
Various Sources
https://advisories.softiron.cloud/
Scores
CVSS v4
1.8
EPSS
0.0011
EPSS Percentile
1.8%
CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-269
Status
published
Products (1)
SoftIron/HyperCloud
2.5.0 - 2.6.4
Published
Sep 18, 2025
Tracked Since
Feb 18, 2026