Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Dec 31, 2025

FaceSentry Access Control System 6.4.8 Remote SSH Root Access

CVE-2019-25241

Description

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Affected products

Cisco Systems, Inc./Secure Access Control Systemllm-fuzzy
Range: =6.4.8
iWT Ltd./FaceSentry Access Control Systemv5
Range: 6.4.8 build 264

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/47067mitreexploit
www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.phpmitrethird-party-advisory
www.iwt.com.hkmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000