CVE-2025-27027

Restricted shell evasion in Radiflow iSAP Smart Collector

CVSS 4.1 MEDIUMEPSS 0.2%CWE-653

A user with vpuser credentials that opens an SSH connection to the device, gets a restricted shell rbash that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash restrictions.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Productos afectados

Radiflow · iSAP Smart Collector

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027