Description

The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.

INFO

Published Date: 2025-10-28T12:17:23.182Z
Last Modified: 2025-10-28T13:11:10.628Z
Source: Hitachi Energy

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-1038 vulnerability.

Vendor: Hitachienergy
Product: Tropos

CVSS Vulnerability Scoring System

Vector metrics: Attack Vector, Attack Complexity, Attack Requirements, Privileges Required, User Interaction, VS Confidentiality, VS Integrity, VS Availability, SS Confidentiality, SS Integrity, SS Availability