Shell Access Bypass in Linux Device by User Credential Exploit
CVE-2025-27027

4.1MEDIUM

Key Information:

Vendor: Radiflow
Status: ISAP Smart Collector
Vendor: CVE Published:; 9 July 2025

What is CVE-2025-27027?

A limited user with vpuser credentials on a Linux device can exploit a flaw when opening an SSH connection. Instead of being restricted to a predefined set of commands through rbash, the user gains access to a full-featured Linux shell, allowing them to bypass security measures and potentially execute unauthorized commands. This vulnerability poses significant risks for device security and necessitates immediate attention from administrators to mitigate potential threats.

Affected Version(s)

iSAP Smart Collector Linux 1.20 < 3.02-1

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027

government-resource

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2025
Vulnerability Reserved
Feb 18, 2025

Radiflow

What is CVE-2025-27027?

Affected Version(s)

References

CVSS V3.1

Timeline