Medium severityNVD Advisory· Published Sep 9, 2025· Updated Apr 15, 2026

CVE-2025-47416

Description

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.

A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name.

Confirmed Affected Hardware: TSW-760, TSW-1060

Confirmed Affected Firmware: 3.002.1061

Fixed Firmware: no fixed released (product is discontinued and end of life)

For x70

The Affected Firmware:- 3.000.0110.001  and versions below

The Fixed Firmware:- 3.001.0031.001

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000