CVE-2025-4043

MEDIUM

Published May 7, 2025 Modified Jun 23, 2025 CWE-1274

Description

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.

CVSS v3.1 Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

Weakness Type (CWE)

CWE-1274 CWE-1274

Affected Products

Vendor	Product	Versions
milesight	ug65-868m-ea_firmware	< 60.0.0.46
milesight	ug65-868m-ea	All

References

Other References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-126-02 https://www.milesight.com/iot/resources/download-center/#firmware-ug65

Frequently Asked Questions

What is CVE-2025-4043? +

An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot. It has a CVSS v3.1 base score of 6.8 (MEDIUM).

How severe is CVE-2025-4043? +

CVE-2025-4043 has a CVSS v3.1 score of 6.8 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-4043? +

CVE-2025-4043 affects products from milesight, specifically: ug65-868m-ea, ug65-868m-ea_firmware. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-4043? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-36345

Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform …

CVE-2023-31345 7.5

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code …

CVE-2025-59404 7.5

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot …

CVE-2025-59694 6.8

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a …

CVE-2024-36388 10.0

MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function

CVE-2024-27776 9.8

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE