What is CVE-2023-25648?

CVE-2023-25648 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 6.5/10. Published 2023-12-14.

How severe is CVE-2023-25648?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Zte Zxcloud Irai

CVE-2023-25648

There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL to execute command to escalate local privileges.

EPSS: 0.001 (21.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L.

Affected products

Zte Zxcloud Irai — versions All versions up to V7.23.20

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

support.zte.com.cn/support/news/LoopholeInfoDetail.aspx

Frequently asked questions

What is CVE-2023-25648?: CVE-2023-25648 is a medium-severity vulnerability in Zte Zxcloud Irai, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 6.5/10. Published 2023-12-14.
How severe is CVE-2023-25648?: Medium severity. CVSS v3 base score is 6.5 out of 10.