Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash).
AnalysisAI
A security vulnerability in Linux deprivileged user vpuser in Radiflow (CVSS 6.8). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor. Affects Linux deprivileged user vpuser in Radiflow.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20792