CVE-2025-27027 MEDIUM

CVE-2025-27027: Restricted shell evasion in Radiflow iSAP Smart Collector

Vendor Radiflow
Product iSAP Smart Collector
Weakness CWE-653
Published July 9, 2025
Last update July 9, 2025

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions.

Key dates

02Disclosure timeline

July 9, 2025 CVE published
July 9, 2025 Record updated