CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Description
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
Analysis
Hardcoded, undocumented administrative account that cannot be deactivated, allowing local users to gain complete system compromise with high confidentiality, integrity, and availability impact. While the vulnerability carries a critical CVSS 9.4 score, the attack vector is restricted to local access only, which significantly reduces the real-world risk of network-based exploitation. The severity stems from CWE-798 (Use of Hard-Coded Credentials), a foundational authentication bypass weakness that enables privilege escalation and persistent administrative access.
Technical Context
This vulnerability stems from a hardcoded credential stored within application or system code, a failure in secure credential management practices (CWE-798). The predefined administrative account is baked into the software at build or deployment time and has no documented removal procedure or deactivation mechanism. The CVSS 4.0 vector indicates a local attack vector (AV:L), meaning an attacker needs physical or logical access to the target system. The high impact ratings (VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) indicate that successful exploitation grants complete system compromise, including confidentiality breach, integrity modification, and availability disruption, on both the vulnerable system and the subsequent systems it can reach. The undocumented nature of this account suggests it may have been intended for development or debugging purposes and was inadvertently shipped to production.
Affected Products
Specific product name, vendor, and version information is not provided in the CVE description, and no CPE string data was included in the vulnerability report. Affected systems are described generically as 'servers' running software with a predefined administrative account. To identify affected products, cross-reference this CVE against: (1) vendor security advisories mentioning CVE-2025-3321, (2) product documentation disclosing hardcoded accounts, (3) NIST NVD CPE mappings, and (4) affected software vendors' official vulnerability databases. Common affected categories likely include proprietary enterprise management software, embedded system firmware, legacy server applications, and development/testing platforms where such accounts may have been left in production builds.
Remediation
Immediate remediation steps:
1. Identify and document the predefined administrative account name and default credentials through code review or vendor documentation.
2. Apply the vendor-released security patch when available (version numbers are not specified in the provided data; consult the vendor advisory).
3. If patching is delayed, implement compensating controls: enforce strict local access controls via OS-level authentication (PAM, SSSD), disable unnecessary local accounts, implement account lockout policies, and monitor for use of the undocumented account via audit logging.
4. Change or disable the hardcoded account if the system provides administrative interface access.
5. Restrict physical access and SSH/console access to authorized personnel only.
6. Implement host-based intrusion detection to alert on unauthorized administrative access patterns.
Long-term: request a vendor patch that removes the account or provides a secure credential rotation mechanism, and conduct code review to identify similar hardcoded credentials.
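One way to implement the audit-logging check from step 3, as an added example that is not part of this advisory: a small Python script that scans Linux PAM session-open records and flags any session opened for an account missing from the administrators' inventory, or holding uid 0 under a name other than root, noting whether it came through a local service (console, su) or the network. The account name svcadmin, the inventory and the log lines are constructed placeholders, since the advisory does not name the account.

```python
import re

# Sample syslog lines in the shape pam_unix writes for session opens
# (constructed for this example, not taken from any real host).
SAMPLE_AUTH_LOG = """\
Jun 12 08:01:02 srv01 login[1201]: pam_unix(login:session): session opened for user alice(uid=1000) by LOGIN(uid=0)
Jun 12 08:05:17 srv01 sshd[1340]: pam_unix(sshd:session): session opened for user bob(uid=1001) by (uid=0)
Jun 12 08:09:44 srv01 login[1402]: pam_unix(login:session): session opened for user svcadmin(uid=0) by LOGIN(uid=0)
Jun 12 08:11:03 srv01 su[1455]: pam_unix(su:session): session opened for user root(uid=0) by alice(uid=1000)
Jun 12 08:12:30 srv01 su[1460]: pam_unix(su:session): session opened for user svcadmin(uid=0) by bob(uid=1001)
"""

# Accounts the administrators have inventoried. 'svcadmin' is a placeholder
# for the undocumented vendor account, whose real name the advisory does not give.
DOCUMENTED_ACCOUNTS = {"root", "alice", "bob"}

# Services reachable only by someone already on the box (console login, su, sudo).
LOCAL_SERVICES = {"login", "su", "sudo"}

SESSION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<svc>[\w-]+)\[\d+\]:\s"
    r"pam_unix\([\w-]+:session\):\s+session opened for user\s+"
    r"(?P<user>[^\s(]+)(?:\(uid=(?P<uid>\d+)\))?\s+by\s+(?P<by>\S*)"
)

def audit_sessions(log_text, documented=DOCUMENTED_ACCOUNTS):
    """Return one finding per session opened for an account that is not in the
    documented inventory, or that carries uid 0 under a name other than root."""
    findings = []
    for line in log_text.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue  # not a session-open record; other PAM lines are ignored
        user, uid, svc = m["user"], m["uid"], m["svc"]
        reasons = []
        if user not in documented:
            reasons.append("account not in inventory")
        if uid == "0" and user != "root":
            reasons.append("uid 0 under non-root name")
        if reasons:
            findings.append({
                "ts": m["ts"], "host": m["host"], "service": svc, "user": user,
                "channel": "local" if svc in LOCAL_SERVICES else "network",
                "by": m["by"], "reasons": reasons,
            })
    return findings

if __name__ == "__main__":
    for f in audit_sessions(SAMPLE_AUTH_LOG):
        print(f"{f['ts']} {f['host']} {f['service']} ({f['channel']}): "
              f"{f['user']} by {f['by']}: {', '.join(f['reasons'])}")
```

Once the vendor names the account, add it to the inventory check explicitly rather than relying on the uid heuristic, and feed the findings to the host-based alerting from step 6.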
EUVD-2025-17093