Unauthorized Privilege Escalation in SoftIron HyperCloud SSH Key Management
CVE-2025-10650

8.8 HIGH

Key Information:

Vendor: SoftIron

CVE Published: 18 September 2025

What is CVE-2025-10650?

SoftIron HyperCloud versions 2.5.0 through 2.6.3 contain a vulnerability in the SSH key management system that may lead to unauthorized users being granted administrator-level access. Under specific conditions, user SSH keys can be incorrectly added to the administrator's authorized keys, allowing potential attackers to gain elevated privileges via SSH. Organizations using affected versions are encouraged to review their SSH key management practices to mitigate risks associated with this vulnerability.
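One way to carry out the review suggested above is to fingerprint every entry in the administrator's authorized keys and flag any that is not on an approved list, noting when it matches a regular user's key. This is an added example, not SoftIron code: the page gives no file paths, so the script works on file contents passed in as text, and the approved-fingerprint list, the account names and the sample keys are all constructed assumptions.

```python
import base64, binascii, hashlib, struct

def fingerprint(line):
    """Return (OpenSSH-style SHA256 fingerprint, comment) for a key line, else None."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):          # options may precede the key type
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        # A genuine key blob begins with its own length-prefixed type name.
        if blob.startswith(struct.pack(">I", len(tok)) + tok.encode()):
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            return "SHA256:" + digest.rstrip("="), " ".join(tokens[i + 2:])
    return None

def audit_admin_keys(admin_text, approved, user_texts):
    """List admin authorized_keys entries that are not approved, with any user owners."""
    owners = {}
    for user, text in user_texts.items():
        for line in text.splitlines():
            parsed = fingerprint(line)
            if parsed:
                owners.setdefault(parsed[0], []).append(user)
    findings = []
    for lineno, line in enumerate(admin_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = fingerprint(line)
        if parsed is None:
            findings.append((lineno, "unparseable", None, []))
        elif parsed[0] not in approved:
            findings.append((lineno, "not-approved", parsed[0], owners.get(parsed[0], [])))
    return findings

def make_key(seed):
    """Constructed sample key for this demo (deterministic bytes, not a real key pair)."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed input: the admin file holds one approved key and one user's key.
ADMIN_KEYS = f"# managed file\n{make_key(b'admin')} admin@mgmt\nno-pty {make_key(b'alice')} alice@laptop\n"
USER_KEYS = {"alice": make_key(b"alice") + " alice@laptop\n", "bob": make_key(b"bob") + " bob@ws\n"}
APPROVED = {fingerprint(make_key(b"admin"))[0]}

if __name__ == "__main__":
    for finding in audit_admin_keys(ADMIN_KEYS, APPROVED, USER_KEYS):
        print(finding)
```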

Affected Version(s)

HyperCloud 2.5.0 < 2.6.4

CVSS V4

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
