CVE-2025-7024 MEDIUM

CVE-2025-7024: Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)

Vendor Airbus
Product TETRA Connectivity Server (TCS)
Weakness CWE-276
Published April 3, 2026
Last update April 3, 2026

CVSS base score

5.6/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U

What the vulnerability does

01Description

Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects TETRA connectivity Server: 7.0. Vulnerability fix is available and delivered to impacted customers.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
April 3, 2026 Record updated