{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66238", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-11-25T17:32:15.110Z", "datePublished": "2025-12-04T21:10:11.206Z", "dateUpdated": "2025-12-05T17:01:14.562Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DCIM dcTrack", "vendor": "Sunbird", "versions": [{"lessThanOrEqual": "v9.2.0", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "9.2.3"}]}, {"defaultStatus": "unaffected", "product": "IQ", "vendor": "Sunbird", "versions": [{"lessThanOrEqual": "v9.2.0", "status": "affected", "version": "0", "versionType": "custom"}, {"status": "unaffected", "version": "9.2.1"}]}], "credits": [{"lang": "en", "type": "finder", "value": "notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA."}], "datePublic": "2025-12-04T17:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.</span>\n\n</span>\n\n</span>"}], "value": "DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.4, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-12-04T21:10:11.206Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Sunbird recommends that users take the following actions:</p><ul><li>dcTrack: Update to 9.2.3</li><li>Power: Update to IQ 9.2.1</li></ul><br>"}], "value": "Sunbird recommends that users take the following actions:\n\n * dcTrack: Update to 9.2.3\n * Power: Update to IQ 9.2.1"}], "source": {"advisory": "ICSA-25-338-05", "discovery": "EXTERNAL"}, "title": "Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>If updating immediately is not possible, Sunbird additionally recommends that customers:</p>\n<ul>\n<li>Restrict SSH or any non-essential port access in the IP Based Access Control.</li>\n<li>Passwords for SSH based user accounts be changed at the time of deployment.</li>\n</ul>\n\n<br>"}], "value": "If updating immediately is not possible, Sunbird additionally recommends that customers:\n\n\n\n * Restrict SSH or any non-essential port access in the IP Based Access Control.\n\n * Passwords for SSH based user accounts be changed at the time of deployment."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T17:01:04.433609Z", "id": "CVE-2025-66238", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:01:14.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-05T17:01:04.433609Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T17:01:11.411Z"}}], "cna": {"title": "Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel", "source": {"advisory": "ICSA-25-338-05", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "notnotnotveg (notnotnotveg@gmail.com) reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sunbird", "product": "DCIM dcTrack", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v9.2.0"}, {"status": "unaffected", "version": "9.2.3"}], "defaultStatus": "unaffected"}, {"vendor": "Sunbird", "product": "IQ", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "v9.2.0"}, {"status": "unaffected", "version": "9.2.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Sunbird recommends that users take the following actions:\n\n * dcTrack: Update to 9.2.3\n * Power: Update to IQ 9.2.1", "supportingMedia": [{"type": "text/html", "value": "<p>Sunbird recommends that users take the following actions:</p><ul><li>dcTrack: Update to 9.2.3</li><li>Power: Update to IQ 9.2.1</li></ul><br>", "base64": false}]}], "datePublic": "2025-12-04T17:01:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05"}, {"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json"}], "workarounds": [{"lang": "en", "value": "If updating immediately is not possible, Sunbird additionally recommends that customers:\n\n\n\n * Restrict SSH or any non-essential port access in the IP Based Access Control.\n\n * Passwords for SSH based user accounts be changed at the time of deployment.", "supportingMedia": [{"type": "text/html", "value": "<p>If updating immediately is not possible, Sunbird additionally recommends that customers:</p>\n<ul>\n<li>Restrict SSH or any non-essential port access in the IP Based Access Control.</li>\n<li>Passwords for SSH based user accounts be changed at the time of deployment.</li>\n</ul>\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.</span>\n\n</span>\n\n</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-12-04T21:10:11.206Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66238", "state": "PUBLISHED", "dateUpdated": "2025-12-05T17:01:14.562Z", "dateReserved": "2025-11-25T17:32:15.110Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2025-12-04T21:10:11.206Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine."}], "id": "CVE-2025-66238", "lastModified": "2025-12-04T22:15:49.320", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2025-12-04T22:15:49.320", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}