Information Disclosure Vulnerability in Radiflow iSAP Smart Collector
CVE-2025-27028

6.8 MEDIUM

Key Information:

Vendor: Radiflow
CVE Published: 9 July 2025

What is CVE-2025-27028?

The deprivileged user account vpuser in the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read sensitive content across the entire file system. This includes files owned by other users and files that are normally restricted, such as the root password hash. Unauthorized access to this information can lead to further exploitation and compromise of the system.

Affected Version(s)

iSAP Smart Collector Linux 1.20 < 3.02-1

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
