CVE-2025-1425 MEDIUM

CVE-2025-1425: File Read Through Improper Sudo Privilege Management

Vendor Pocketbook

Product InkPad Color 3

Weakness CWE-269

Published March 4, 2025

Last update March 4, 2025

View on NVD All CVEs

CVSS base score

4.7/10

Attack vector Physical

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671.

Key dates

02Disclosure timeline

March 4, 2025 CVE published

March 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1425 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2024-31237 WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability CVE-2024-43401 In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder CVE-2022-22263 CVE-2017-20076 Hindu Matrimonial Script searchview.php privileges management