CVE-2025-27028 (GCVE-0-2025-27028)
Vulnerability from cvelistv5
Published
2025-07-09 08:38
Modified
2025-07-09 13:31
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-266 - Incorrect Privilege Assignment
Summary
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).
References
Impacted products
Vendor Product Version
Radiflow iSAP Smart Collector Version: 1.20   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T13:30:51.594528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T13:31:33.386Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "iSAP Smart Collector",
          "vendor": "Radiflow",
          "versions": [
            {
              "lessThan": "3.02-1",
              "status": "affected",
              "version": "1.20",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Linux deprivileged user \u003c/span\u003e\u003ci\u003evpuser\u003c/i\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, including files belonging to other users and having restricted access (like, for example, the root password hash).\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "The Linux deprivileged user vpuser\u00a0in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T09:03:38.027Z",
        "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "shortName": "ENISA"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27028"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Read access of deprivileged Radiflow iSAP Smart Collector user",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
    "assignerShortName": "ENISA",
    "cveId": "CVE-2025-27028",
    "datePublished": "2025-07-09T08:38:21.462Z",
    "dateReserved": "2025-02-18T06:59:55.889Z",
    "dateUpdated": "2025-07-09T13:31:33.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27028\",\"sourceIdentifier\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"published\":\"2025-07-09T09:15:26.850\",\"lastModified\":\"2025-07-10T13:17:30.017\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Linux deprivileged user vpuser\u00a0in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).\"},{\"lang\":\"es\",\"value\":\"El usuario sin privilegios de Linux vpuser en Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) puede leer todo el contenido del sistema de archivos, incluidos los archivos que pertenecen a otros usuarios y que tienen acceso restringido (como, por ejemplo, el hash de la contrase\u00f1a root).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]}],\"references\":[{\"url\":\"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27028\",\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27028\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-09T13:30:51.594528Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-09T13:31:02.787Z\"}}], \"cna\": {\"title\": \"Read access of deprivileged Radiflow iSAP Smart Collector user\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Radiflow\", \"product\": \"iSAP Smart Collector\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.20\", \"lessThan\": \"3.02-1\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27028\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Linux deprivileged user vpuser\\u00a0in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe Linux deprivileged user \u003c/span\u003e\u003ci\u003evpuser\u003c/i\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e, including files belonging to other users and having restricted access (like, for example, the root password hash).\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"CWE-266: Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\", \"shortName\": \"ENISA\", \"dateUpdated\": \"2025-07-09T09:03:38.027Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27028\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-09T13:31:33.386Z\", \"dateReserved\": \"2025-02-18T06:59:55.889Z\", \"assignerOrgId\": \"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\", \"datePublished\": \"2025-07-09T08:38:21.462Z\", \"assignerShortName\": \"ENISA\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.