High severityNVD Advisory· Published Oct 28, 2025· Updated Apr 15, 2026
CVE-2025-1038
CVE-2025-1038
Description
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.