{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27027", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "state": "PUBLISHED", "assignerShortName": "ENISA", "dateReserved": "2025-02-18T06:59:55.889Z", "datePublished": "2025-07-09T08:31:29.320Z", "dateUpdated": "2025-07-09T13:34:00.352Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "iSAP Smart Collector", "vendor": "Radiflow", "versions": [{"lessThan": "3.02-1", "status": "affected", "version": "1.20", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">A user with </span><i>vpuser</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;credentials that opens an SSH connection to the device, gets a restricted shell </span><i>rbash</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the </span><i>rbash</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;restrictions.</span>\n\n<br></span>"}], "value": "A user with vpuser\u00a0credentials that opens an SSH connection to the device, gets a restricted shell rbash\u00a0that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash\u00a0restrictions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2025-07-09T09:45:23.169Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027"}], "source": {"discovery": "UNKNOWN"}, "title": "Restricted shell evasion in Radiflow iSAP Smart Collector", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-09T13:32:44.624049Z", "id": "CVE-2025-27027", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:34:00.352Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27027", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-09T13:32:44.624049Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-09T13:32:58.912Z"}}], "cna": {"title": "Restricted shell evasion in Radiflow iSAP Smart Collector", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Radiflow", "product": "iSAP Smart Collector", "versions": [{"status": "affected", "version": "1.20", "lessThan": "3.02-1", "versionType": "semver"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027", "tags": ["government-resource"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A user with vpuser\u00a0credentials that opens an SSH connection to the device, gets a restricted shell rbash\u00a0that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash\u00a0restrictions.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">A user with </span><i>vpuser</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;credentials that opens an SSH connection to the device, gets a restricted shell </span><i>rbash</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the </span><i>rbash</i><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;restrictions.</span>\n\n<br></span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization"}]}], "providerMetadata": {"orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "shortName": "ENISA", "dateUpdated": "2025-07-09T09:45:23.169Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27027", "state": "PUBLISHED", "dateUpdated": "2025-07-09T13:34:00.352Z", "dateReserved": "2025-02-18T06:59:55.889Z", "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "datePublished": "2025-07-09T08:31:29.320Z", "assignerShortName": "ENISA"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A user with vpuser\u00a0credentials that opens an SSH connection to the device, gets a restricted shell rbash\u00a0that allows only a small list of allowed commands. This vulnerability enables the user to get a full-featured Linux shell, bypassing the rbash\u00a0restrictions."}, {"lang": "es", "value": "Un usuario con credenciales de usuario virtual que abre una conexi\u00f3n SSH al dispositivo obtiene un shell rbash restringido que solo permite una peque\u00f1a lista de comandos permitidos. Esta vulnerabilidad permite al usuario obtener un shell Linux completo, eludiendo las restricciones de rbash."}], "id": "CVE-2025-27027", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}, "published": "2025-07-09T09:15:26.720", "references": [{"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27027"}], "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-653"}], "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "type": "Secondary"}]}

{}

{}