CVE-2025-61939 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local netw…
High CVSS: 8.7

CVE-2025-61939

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker controlled device.
Vendor
Columbiaweather
Product
Weather Microserver Firmware
CWE
CWE-923
Yayın Tarihi
2026-01-07 21:15:58
Güncelleme
2026-01-22 17:39:18
Source Identifier
ics-cert@hq.dhs.gov
KEV Date Added
-

Kategoriler

CWE-923 Weather Microserver Firmware HIGH Columbiaweather 2026

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01