What is CVE-2025-10650?

CVE-2025-10650 is a vulnerability in Softiron Hypercloud, classified under Improper Privilege Management. Published 2025-09-18.

Is CVE-2025-10650 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Privilege escalation in Softiron Hypercloud

CVE-2025-10650

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and in…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (5.2th percentile) — read the EPSS interpretation.

Affected products

Softiron Hypercloud — versions 2.5.0

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

advisories.softiron.cloud/

Frequently asked questions

What is CVE-2025-10650?: CVE-2025-10650 is a vulnerability in Softiron Hypercloud, classified under Improper Privilege Management. Published 2025-09-18.
Is CVE-2025-10650 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.