CVE-2025-32409 HIGH

Vendor: Ratta
Product: SuperNote A6 X2 Nomad
Weakness: CWE-23
Published: April 7, 2025
Last update: April 8, 2025

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.

Key dates

02 Disclosure timeline

April 7, 2025: CVE published
April 8, 2025: Record updated