CVE-2025-66238 HIGH

CVE-2025-66238: Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

Vendor Sunbird
Product DCIM dcTrack
Weakness CWE-288
Published December 4, 2025
Last update December 5, 2025

CVSS base score

7.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.

Key dates

02 Disclosure timeline

December 4, 2025 CVE published
December 5, 2025 Record updated