CVE-2025-1037 HIGH

Vendor Hitachi Energy
Product TropOS 4th Gen
Weakness CWE-269
Published October 28, 2025
Last update October 28, 2025

CVSS base score

7.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user-level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow certain commands to be run as root from an unprivileged context.

Key dates

02 Disclosure timeline

October 28, 2025 CVE published
October 28, 2025 Record updated