Shell Access Bypass in Linux Device by User Credential Exploit
CVE-2025-27027
4.1MEDIUM
What is CVE-2025-27027?
A limited user with vpuser credentials on a Linux device can exploit a flaw when opening an SSH connection. Instead of being restricted to a predefined set of commands through rbash, the user gains access to a full-featured Linux shell, allowing them to bypass security measures and potentially execute unauthorized commands. This vulnerability poses significant risks for device security and necessitates immediate attention from administrators to mitigate potential threats.
Affected Version(s)
iSAP Smart Collector Linux 1.20 < 3.02-1