CVE-2025-1037

Published: Oct 28, 2025

Modified: Oct 28, 2025

PUBLISHED

Description

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.

Vendor	Product	Versions
Hitachi Energy	TropOS 4th Gen	affected `8.7.0.0 - <= 8.9.6.0`

Weaknesses (CWE)

CWE-269

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000214&LanguageCode=en&DocumentPartId=&Action=Launch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-1037

Description

Affected Products

Weaknesses (CWE)

References