CVE-2025-66620
HIGHColumbia Weather MicroServer Firmware - Webshell Shell Access
Title source: manualDescription
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01
Scores
CVSS v3
8.0
EPSS
0.0042
EPSS Percentile
33.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-553
Status
published
Products (1)
columbiaweather/weather_microserver_firmware
< MS_4.1_14142
Published
Jan 07, 2026
Tracked Since
Feb 18, 2026