CVE-2025-9966 HIGH

CVE-2025-9966: Execution with Unnecessary Privileges

Vendor Novakon

Product P series (P07, P10, P12, P15)

Weakness CWE-269

Published September 23, 2025

Last update March 31, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Physical

Attack complexity High

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).

Key dates

02Disclosure timeline

September 23, 2025 CVE published

March 31, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9966 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2025-9966

CWE CWE-269

CVSS 7.3 / HIGH

Affected versions