CVE-2019-25241 CRITICAL

CVE-2019-25241: FaceSentry Access Control System 6.4.8 Remote SSH Root Access

Vendor Iwt Ltd.
Product FaceSentry Access Control System
Weakness CWE-798 · Hardcoded credentials
Published December 24, 2025
Last update December 31, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Key dates

02Disclosure timeline

December 24, 2025 CVE published
December 31, 2025 Record updated