CVE-2025-48416
HIGHDescription
An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can be bypassed/changed by an attacker through multiple paths though.
Is your site exposed to CVE-2025-48416?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-48416? +
How severe is CVE-2025-48416? +
How do I check if I'm vulnerable to CVE-2025-48416? +
Related Vulnerabilities
Improper Validation of Integrity Check Value vulnerability in Sharp Display Solutions projectors allows a attacker may create and run unauthorized …
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not …
Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located …
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 …
The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, …
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets …