Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-27028

The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).

Published

2025-07-09T09:15:26.850

Last Modified

2025-07-10T13:17:30.017

Status

Awaiting Analysis

Source

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-266

Affected Vendors & Products

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27028 (a6d3dc9e-0591-4a13-bce7-0f5b31ff6158)