CVE-2025-66237

MEDIUM 6.7

Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials

CVSS Score

6.7

EPSS Score

0.0%

EPSS Percentile

4th

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.

CWE	CWE-798
Vendor	sunbird
Product	dcim dctrack
Published	Dec 4, 2025
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for sunbird dcim dctrack

Be the first to know when new medium vulnerabilities affecting sunbird dcim dctrack are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Sunbird / DCIM dcTrack

0 ≤ v9.2.0

Sunbird / Power IQ

0 ≤ v9.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json

Credits

notnotnotveg ([email protected]) reported these vulnerabilities to CISA.