CVE-2025-7024

HIGH

Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

Title source: cna

Description

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects TETRA connectivity Server: 7.0. Vulnerability fix is available and delivered to impacted customers.

References (1)

https://cwe.mitre.org/data/definitions/276.html

Scores

CVSS v3 7.3

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (3)

AIRBUS/TETRA Connectivity Server (TCS) 7.0

AIRBUS/TETRA Connectivity Server (TCS) 8.0

AIRBUS/TETRA Connectivity Server (TCS) 9.0

Published Apr 03, 2026

Tracked Since Apr 03, 2026