CVE-2025-1036
published 2025-10-28

CVE-2025-1036: Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access…

Priority: P2 · 64 · high · 8.7 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 1.09% (61.2th percentile)
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.

Affected

1 range

Vendor         | Product        | Version range     | Fixed in
hitachi_energy | tropos_4th_gen | 8.7.0.0 – 8.9.6.0 |

Detection & IOCs

  • Monitor for OS command injection attempts targeting the 'Logging' page of the TropOS web-based configuration utility from low-privileged authenticated users
  • Alert on unexpected root SSH sessions originating from the TropOS 4th Gen device, which may indicate successful exploitation of CVE-2025-1036 via the Logging page command injection
  • Vulnerability only affects TropOS 4th Gen Firmware versions 8.9.6.0 and prior; devices updated to 8.9.7.0 are not affected
  • Exploitation requires authenticated access (low-privileged) to the web-based configuration utility; unauthenticated remote exploitation is not possible
  • No known public exploitation of this vulnerability has been reported at time of advisory publication