CVE-2019-25241
published 2025-12-24CVE-2019-25241: FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can…
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.65%
46.7th percentile
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iwt | facesentry_access_control_system_firmware | — | — |
| iwt | facesentry_access_control_system_firmware | — | — |
| iwt | facesentry_access_control_system_firmware | — | — |
| iwt_ltd | facesentry_access_control_system | — | — |
| iwt_ltd | facesentry_access_control_system | — | — |
| iwt_ltd | facesentry_access_control_system | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-24
Published