CVE-2025-10650
Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 and 2.6.3. No generally available (GA) or customer-released production builds were affected. There is no evidence that this issue was exposed in customer environments or production deployments.
| CWE | CWE-269 |
| Vendor | softiron |
| Product | hypercloud |
| Published | Sep 18, 2025 |
| Last Updated | Feb 20, 2026 |
Stay Ahead of the Next One
Get instant alerts for softiron hypercloud
Be the first to know when new unknown vulnerabilities affecting softiron hypercloud are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
SoftIron / HyperCloud
2.5.0 < 2.6.4