Privilege Escalation Vulnerability in NCR Atleos Terminal Manager
CVE-2025-61429

8.8HIGH

Key Information:

Vendor: NCR Corporation
Status: Atleos Terminal Manager
Vendor: CVE Published:; 29 October 2025

🔔 Create NCR Corporation Vulnerability Alert

What is CVE-2025-61429?

A vulnerability in NCR Atleos Terminal Manager (ConfigApp) version 3.4.0 allows attackers to elevate their privileges by sending specially crafted requests. This flaw can lead to unauthorized access and manipulation of user rights, potentially compromising the system's integrity and security. It is crucial for organizations using this system to apply patches and updates to mitigate the risk associated with this vulnerability.

References

https://medium.com/@sulaimanalabduli/title-817c6346ac65

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Sep 26, 2025

JSON