cbcvebase.
CVE-2019-25241
published 2025-12-24

CVE-2019-25241: FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can…

PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.65%
46.7th percentile
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Affected

6 ranges
VendorProductVersion rangeFixed in
iwtfacesentry_access_control_system_firmware
iwtfacesentry_access_control_system_firmware
iwtfacesentry_access_control_system_firmware
iwt_ltdfacesentry_access_control_system
iwt_ltdfacesentry_access_control_system
iwt_ltdfacesentry_access_control_system
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.