CVE-2025-66237 HIGH

CVE-2025-66237: Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

Vendor Sunbird
Product DCIM dcTrack
Weakness CWE-798 · Hardcoded credentials
Published December 4, 2025
Last update June 4, 2026

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.

Key dates

02 Disclosure timeline

December 4, 2025 CVE published
June 4, 2026 Record updated