Shell Access Bypass in Linux Device by User Credential Exploit
CVE-2025-27027

4.1 MEDIUM

Key Information:

Vendor: Radiflow
CVE Published: 9 July 2025

What is CVE-2025-27027?

A limited user with vpuser credentials on a Linux device can exploit a flaw when opening an SSH connection. Instead of being restricted by rbash to a predefined set of commands, the user gains access to a full-featured Linux shell, which allows them to bypass security measures and potentially execute unauthorized commands. This vulnerability poses significant risks to device security and requires immediate attention from administrators to mitigate potential threats.

Affected Version(s)

iSAP Smart Collector Linux 1.20 < 3.02-1

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
