CVE-2025-66238

Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel

Description

DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.

INFO

Published Date :

2025-12-04T21:10:11.206Z

Last Modified :

2025-12-05T17:01:14.562Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2025-66238 vulnerability.

Vendors	Products
Sunbirddcim	Dctrack Power Iq

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66238.

URL	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact