High severity8.1NVD Advisory· Published Apr 7, 2025· Updated Apr 15, 2026

CVE-2025-32409

Description

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tabletnvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000